cf58187fe19cd7bb95535726f826698c72c087889efb41f2266f0d29993f1a67

Analysis

max time kernel
135s
max time network
129s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
09-07-2024 21:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3221f62ecdbaca061f6265464cd7a29e_JaffaCakes118.html
Size

9KB
MD5

3221f62ecdbaca061f6265464cd7a29e
SHA1

0bab7f864840e118b0c43e6d3f7d9eb79320c3b9
SHA256

cf58187fe19cd7bb95535726f826698c72c087889efb41f2266f0d29993f1a67
SHA512

6d428d5bb1759f66bae11fe676fa0847b83f32eafe4f93fe283f3e122818370200ac3b6a2a2da3197a60be0055b725a6ab81db30035e0296174053acbae74436
SSDEEP

96:uzVs+ux77QLLY1k9o84d12ef7CSTUVGT/kPscpUlVHcEZ7ru7f:csz77QAYS/cxUPHb76f

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "426724640"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b0c091484cd2da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000062974e5b5f804e45b98349be16bffb7800000000020000000000106600000001000020000000c4eab301416122a4384636af42a5fd70ca45f7d143410f6333aeed454f600e6f000000000e8000000002000020000000c04bf4bdbf25b99dd726551e7fb08978b950f586fe8d7b3b716650290eb7cdd99000000042657c070607ed8bc43d76a92e2b4ad562d6ae350e1b9bbd2c9a533188bbb0cece3457be50d9f0a63f708905ab7aaf3b8c101bd087ba0317f01eda8fc9a4f9bc605a9020e57e14c238e773fafc82d280e38fe0416d01f748c45005f7cd3d6b02c584785c2c63806bed421048bfb867aa1230e8f9cbe6541a303d509ac697d3437e236fc34ca1af7c71368892f3b370d8400000002ac97e646aa05e5495a70b8b4af9accbfa664ee3e6daca820da3639df27ef4ac5580fc9959692dcbe137629d794b2962cabfff46dcde4ddf48bc862e7c07ae50	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000062974e5b5f804e45b98349be16bffb780000000002000000000010660000000100002000000020f57a30d6b9c9a0fcbf8a4271ae71708401dfb53278d85355e64f0f9b20686e000000000e80000000020000200000002128225d3387111b13ffb195ff936e326fa353ed5b3a284eac80cb04d6d7b050200000005f9784a11e1594c966131e0043c3f10bf33c19757ed7c5cd5ba2bc16f2d2af2140000000b4e158ef639b4776073e7954f112a8cb03aa70b95a93d098b9831377c645e0bc502dfa398d888a7c109505264fa2cb66abed13e83ec88257b6a0741c1b9389a4	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7386BAF1-3E3F-11EF-B93A-424588269AE0} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2636	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2636	iexplore.exe
2636	iexplore.exe
2680	IEXPLORE.EXE
2680	IEXPLORE.EXE
2680	IEXPLORE.EXE
2680	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2636 wrote to memory of 2680	2636	iexplore.exe	30
PID 2636 wrote to memory of 2680	2636	iexplore.exe	30
PID 2636 wrote to memory of 2680	2636	iexplore.exe	30
PID 2636 wrote to memory of 2680	2636	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\3221f62ecdbaca061f6265464cd7a29e_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2636
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2636 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2680

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
91c21e3e67f72b0ecacd93aaf96ba8de

SHA1
738c3c08296417c12ddd2a86991825f4f6b404f2

SHA256
358502d4e8435211edb5c4e8b4bf2cfcafe07619d81739b26a544ea8ecee36ab

SHA512
a4769a9a9fea9f90756d080978a56fa998c9d12367d4b1e0e827f6ed09107c045b9ff6857ff90735b5797820874550418fd3385dc834b80db59732943600ac4e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e06fa364fa3d4e0945ae29ee8eb0f2fc

SHA1
58966c91812a2bb8222a4974e844e0abe380c473

SHA256
a4dcbff4cd80ab4048c72d34b912b3f468612b1716c065a78b24a865ef1b22ba

SHA512
384bc2626eb1d7a1ec450f49696a801d7ecd9d6ee2d19de9be3d812bd3ee9192886a6ffe516e78d00ea0716a5876eb32cccc534e4ed7ffb1c2e3cdd4b46c8589

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b47b01d600aadbb4e231f4c026a05a0e

SHA1
9b3c3075294584c8c96551776d4d5c2e70783ccb

SHA256
7d6a1740409f4384248c8c5c939d26d2d77346d97a0df79a0a50daafdb1cc79b

SHA512
ed04c3bb946e5e2c02108dd27cad47a4861549c2d10f7bceef014451d64b1cac499339049833dad80a6372c8cb1864ef7e1ee11e35fe7e01975893dc95294d94

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a91db2bbf540a798554c275c1727f707

SHA1
1d3e69688dbf9f3ac6bc3dc3d668e88cbd7b6a13

SHA256
22d32526b619d84bde223caa3e682418d88c1eb5bf541c90f8a04a344f7f66a0

SHA512
cf538a1bc430adc0d0fd4307c5582e4aff2c2686a5ed0ddaaa661bcc15e3a9cc22da27196d0508c89025586d2123e43648fd28abc430d6a4396c0d585ef328f3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c824cf5ed13351a45e63a81d12cc7e8a

SHA1
82cc922d0b462211c2f04a9d753f8ac196e9da34

SHA256
1ae51258f9fcf8d158cce0664de78349b08c5fa472c94fe96262f70237faa7e6

SHA512
04ab2e0a2b8eeba8ee0adc3fdf532000f46e14c8e4bf25c5feb2763757370f12563c53770c1a6e6ee13385e824b619b903393b5015915e701bde66455829b12b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2221b64aed0c95fe507713d52964176f

SHA1
9b909b3934079b25e73ad5283035e621e0ca98b7

SHA256
64844c52fa65da4b0c4450315c9e412b5496010bb756d68b08640d8ab81b9f9f

SHA512
cf5917652b1f5ed03e33100629f8f6e411768efa5162bf9cd6c0076240ae54f971cc69b19091f2cbdfafa957d455d5cfbabdc8f3bf944260cd18ad26769c6f99

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c72a3e9a04767b345c8a2f3b5b57a257

SHA1
c0492a0ee713575d2d915a582885df3eacbed8fa

SHA256
e7990a516a6e5bb137cb491f6f627e8184a30e65b9bc2b5f167c3eea21fe2178

SHA512
36ff2ccc5776895164e1652cfe39991024093fb131b3140aeeddc8ae8d4904fcca54603136ca6e15d5405adeeda30ec5e5ceff4516f3c72b55283cc96e64d34b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c962ffdd6b2e2b2695a693312d1c6826

SHA1
20f9ae853c71fe11cc104411dc5dc439347ea581

SHA256
9376f67f708a6fa93c03a9a39e3f09fdcbc8379cc04fed376e640051f4a8f10d

SHA512
4ef6ae345e7c627c37c47d99600ebb6838a818a6ee0af11a1cd98143d3e1e1965fcadab73590b182b60305d41c3c043438a6d7636ae027ba2af55ec42c7fbb3c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
31a36f7cc532d0d4fa16a3efc026236b

SHA1
3d7ec793c1400276f5df112dc6cca665b537c0df

SHA256
2405b3cbf1feda082a1b8f09671820310e8498628f55426007b18d78a8226b7d

SHA512
8c34994c9e13bdc566e972fd0f0dd7c4b4f80f9698a5a9df5fc0de6ccd6c63cf198f70b8c8a49cc51b1007651ba2f34601388ab5d6e6ff2bfeff79ea485d9e81

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e5b2f7f4d6f6cb5fb0119536371488d6

SHA1
75afd6a77dc919bd5f14f4b8e9d750f9db1c2c48

SHA256
a6e316375846b772306ccec7a9453fd8fd13fdb76cd1ed01a734555fcd6f6247

SHA512
b4b4c2c2dbb55bb66d8450ce6407b1e7dc5f7b84e01f7b632fbf656f4926283839d7b62a94e424be3f1ae2b32378c89d5b9606fb7eaa8479e4eb3a0e0f660fdc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0bfb1679efe30c38c7dd291d7acdf928

SHA1
79286750b9b6844a060c4fe0cd0ea4aa064317a1

SHA256
b6513b9ce46b577f511cad3aacfa31031eb15c283196e29b37af6591755d9bce

SHA512
583ce151d1f015ecf08d330985821c8f9da6d18c30a4fc64bc921d75854cafbe5aed884b244c0f74c5465e68a374f62863c26dc93ed5d0daf0ba5ded96d52c72

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f44d850231622a072607d67d92457017

SHA1
e85b33a76ce5034b7bf17e045943a34a8fe955e6

SHA256
769325d23cbd8ea3e34b091977c33b597bc2616cbc0d1881652a0ab06df63f69

SHA512
a5555cbe7d65b4b04524e6d80664147cede1b438eff0d5e9ddff5c863b32bf1cc63e6c9fe3463fda631f92789bc4bdbd45603ab5a9ac6fdfec03ee3f8827a226

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7b74df9101f5e9e8be125969af855204

SHA1
d190601f4903304398f0b9155e8326d60ac92920

SHA256
7df06d304dcd62dcc68b263bebbec3b759c26bc1bf36e67db6a88844fd4e385a

SHA512
494dc44dea19f8f15843d6d943ac9d8dcefb089525f62a2bb82e95b43c45a3465a0fdbf960fe3c58a9e42d2bd7586fbc93a7bfad99d50ac7bb060629a3146acc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
68b9300e38b1797f59ec9e0465a274dd

SHA1
194fde782da71e09fcca5b6d1250efa894efabce

SHA256
ef807eb5758595903f36aecc45426e3ef5d09f27fbac6509c0cc2dd386c8fcc1

SHA512
f13ea5627d38fd4b53a9f7c825d1278924f1b05c6b29b1225381490ded28680e0a55256641175cedb9e919a15477ed67815739ee46013a9512a5a9ee44d357fa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b6442a3972343d0e91365aaf0baa87f5

SHA1
49d45bf60a046f752eeec2c4b3803cd56674eaef

SHA256
65161a1b5dd6fe71821e50ecc81ccb5f448a8b59a1ea579f36a856c9f284239c

SHA512
ca96a6df5f1e0460712fb1319631854cfe8a70afd5e41161b4d7c2c2cde7fae3fd4a603f9d005ed895a8bdf7d70df1ee0bd0a912a2ad511c6723a75ac07637d7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
afd0a8c7bd60ee1efd17f08ebbcba576

SHA1
cad3cd36f5a78786ee6289f1b697d575de06fb54

SHA256
aff28eb05debbeca52993823d4e12be90a5bddd30a3dc201ce5b05b3903b2b06

SHA512
447cd313d049d4bb4f070140cf98c3655f832d89474ad760bcf5d19c117f08b0dd23d32a54c545d9da714529afd0c7baa55f9fbdf9fc102a6b8a27bcf5647bd4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1C98.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1D08.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit