4abb96d2ec851b998287b1ea661a88583a45622db689483d11bbb98817cc8e4b

Analysis

max time kernel
145s
max time network
147s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
09/07/2024, 21:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3220f9df1ee4d073ccf80fea74082a01_JaffaCakes118.html
Size

123KB
MD5

3220f9df1ee4d073ccf80fea74082a01
SHA1

d4aac96cc14fb14ea406ef5ae4776f307ef0aace
SHA256

4abb96d2ec851b998287b1ea661a88583a45622db689483d11bbb98817cc8e4b
SHA512

3d5faf06317574c82398eaf149822c6020f88f645a439540d71d998172af0b866112f0218bfa848eb99c4ccb45ad12bf331f82818f9db3b34915a9093386eb2c
SSDEEP

768:yxvVvT5FnFvQGh+RLCgv7dYHZmo8GdZ+bXUzr6VgIw9nd1lXCts+yFWI+j:yJ5JZWLCgYCmZtqVgIanlFWr

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000930ed985b08cdd4cb38e38023150682b00000000020000000000106600000001000020000000e5ed9b8d4d600dc9636e1c00dcf8b0ce88f833cb02f0a023c2e9c65cf2b40e79000000000e8000000002000020000000c49c938f288e1dde3b9a5274a72d75dc81487f4ea1086f71491e0c3f225830822000000084aba9b391e0c93636f09e0aa62fe057eec5c96aa8397b7de4b1711c564f28ca400000007d78f16c702cebc5ed391d80fc27c8bf0f93f88e3cde32032e75d1a972513ccfa2b808895833b79b79f9f52445128a3cb7d0049e2c66eebdb491e0cb571d22c6	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "426727040"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{096E6CC1-3E45-11EF-87FB-724B7A5D7CD6} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70cee8f551d2da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000930ed985b08cdd4cb38e38023150682b0000000002000000000010660000000100002000000005258b38057e68c5c63bad00e44e20df0e60ec4e4d904c6542824ad2eb3fb09b000000000e8000000002000020000000fc5710e04da87669fd754d1768e1b8f3d1fa5cc118a1c49f3620d254b4627ef5900000009de23cb7d910f641edd49399dbcb74f981ccfefe88c26170892d06af48f4561db41b6a9ed37c3ecebb2b9b5ccd65ab3afe0828675dca9aedcf90ec5ca83e1022a3300b2568796dda49641d530223190cc03516a3c84da7c26100db0b9208dfb2bcfa3a21bb8bfabc4d4dca1a9366c1ee039ca0cf496f6d1862a0339d2ae2fd58b0d65c7b3caf0db5eaf9e8f71fe49d1e40000000098580621df919d3d305197a188683e99f38f7064ddfae2beffcdcb83f4129a5884b955ff7468abfd078eb7080684c63adf971a4f9ebf6a554c7d7c45e397a90	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2700	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2700	iexplore.exe
2700	iexplore.exe
2904	IEXPLORE.EXE
2904	IEXPLORE.EXE
2904	IEXPLORE.EXE
2904	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2700 wrote to memory of 2904	2700	iexplore.exe	30
PID 2700 wrote to memory of 2904	2700	iexplore.exe	30
PID 2700 wrote to memory of 2904	2700	iexplore.exe	30
PID 2700 wrote to memory of 2904	2700	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\3220f9df1ee4d073ccf80fea74082a01_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2700
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2700 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2904

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0537d7c29ae61669b1ff835e238a1b45

SHA1
7611234ed89125f48ecace09317aa72bc94f5e0b

SHA256
fe5fb7224987041950feef0e6fcd7955359c72fa38f7bf30d2c31e8e57387247

SHA512
e0ab8ca35c8aad7eae7b1e9da754b0465019eeaaccb7b8edc6c5e00b075c08319ce91081e4c7ff12b327f7edd4e15dc8fea2d737be131489a9d7f9f16a4da604

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
14afca5ff95cb0b5191829472950ca6b

SHA1
5c04305d41ccc432099e5735ab9a87054400dce1

SHA256
73a0c9f5eb758bd170e74baaeb1df60bb328f4f7209108a912af9a3eed43d8f5

SHA512
da7da4124202ef00d05035264abb7b99ced07810cda1b5f6302ce7580f986ea7ae3eea2fcf44aa4ab409b5c9d28380b74d7f20851ffc9c21223cc56e859ed18d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1d9fc83ec25a8b06424ea278d1ba621f

SHA1
b77028bfdc0fd533042a27de507892498dc37441

SHA256
a13d126653106805f3d1352eea2d28a63427e160abdc71bf85d1a33c2cb3ed3e

SHA512
2665d505e7739e890d2989fcd174b7b6f372dd3667b2ba3b939e99ab94ed27ed73bddf012d0e6e192ef599029acab7a0080043cc369a28845bbe32bd8027b158

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b1f25a519b62aed0731450fc477aae54

SHA1
b3da6f005966ffb8e87479a985f129d638c7c00d

SHA256
c9afa185721a92623796de3988c921ce010c4477233e91cc1d6132f317483e7a

SHA512
9f9a55efa204874972369a2674d3ece60ca0a447c102ae447e9be084f0280390378981cd8271cb156ab3546f1e654b73b0bfc175dfa755564d5fad48e0b89488

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
baa9f42cf4adb64bdbbb110a4dced0c2

SHA1
6eb62a80e9e45418b79ec722b60b62dfe8831e9a

SHA256
f26340518cf02046f91866e0aca2ae20f4df3503cf4b2c717e34e63cbd3fd559

SHA512
1a3173cd9422668a961ba229d9d1c7d0ec15a03a2f9419ca57fd60ff3a2ba3bf43ac859ae4b56eaac4c5125c2272e7da95f982178a7d613b4332f84af0761257

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
591788a5cb7199d82fbcbf2b32a79347

SHA1
bb18f68bf83f95e7c216e4c25534b24c82bb4a90

SHA256
4d38c8e1bcb988f434620a7a0e99fca227c8efa083bb1010df494035ca12cfb5

SHA512
11368645066ff2b5e9c70b8681400665d7c778c81129900169bab8e3026ad37480263de3e321fa23191240fc1e994e50994c201dde76b7bf9171d77048bc3fe5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1945ce1395d0c41182339fda475ed3da

SHA1
0a9661fcf0b43641d4c898d2cad378496544a5a5

SHA256
1b5afe039b4d0190c823fb846ee2e176ca4b72fdd4b9001fb2f818ac01c27740

SHA512
2fe1736196a15f6e6d03373ea41c680017667cb5a244e92880aec285a41c3466016c11e7141b151f96fc1efa3d80c49ef90dd6f2a7a839ebd8e3ac17f5a2a32a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
acddd69dd4266a88499b276ab2cd2c51

SHA1
9bff1ec67b4ae025aded39aca7eec49636f97017

SHA256
3b6621e7595c0656afdbe33bcf782aa3d3d47aec7680510854d803c77b5b3c1f

SHA512
728c8141eccb2bccc991be15ee077888c2634b37dae570993a66728bf3b08dcb2f39a4432623ae867b5226dc7512d799de943f11019818fe18803a5e992f05d5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2412ae712a703fec4f6bfbcea08c51c2

SHA1
4b2c2a317223b8b18935f1e2d56aa534761b4f7c

SHA256
5833ac5916cbdedfa1ace40987968296a639b8a00ae16e8bca2d880b08cce595

SHA512
44f7a8bb207b7eaf749d75c390db9d1f47f27100d1e57e2736c8c02691687a507265b926d8eae449f4230eaf9ff638cc164795dad013659076970369e277d644

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f2e0e302cd700c53f88e752df70bb2fe

SHA1
d1cd66531334e56f32887187226eaee7cab5062f

SHA256
a3a63f1fbd618035b29c35914e65bbff16fef1c8184ec66249d1ab27db487747

SHA512
59c62e17624621498e0c72fccb0595c72e0becadca861b06aec84361c3fe5af7edf74eccc661cb5987f6fefaf29e2115c9b549ee423256b399156d7dd25d0305

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d052447548a95d32cc3ca811d841fe87

SHA1
e0799fdd541b1ffb8d97ffc2312a01ca5973945c

SHA256
b7dcf8070c27d77a81839178ed300b49099e6509497a8512168eebdd795c388c

SHA512
4ff99a58ccff16d47c052b9dbf33eaa210a16ef5a61c4173fb5454f06e47a9dd3e97f0561ff0c910eedb0ea0711a7963402a0e91836f1d3bc5a6ee795195a796

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
80c218fdc18d8dcdf62389a1283f4c72

SHA1
cf3e9f99acc06680d8d31a4ba04c325b28783791

SHA256
c852364a62ebd28cf0e0c41c2aa3765474342def9b39aa7ab5266b1e6e922812

SHA512
eacad60881f562570a7363342e704e9fdbe35c61d056387c134b8dc7f7de01c92ee5e56078be14d7bd1b64330f32257d4c1597bf1fbdb9812a603900e49df860

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a0882bab27c25c1e1663424303ea3a70

SHA1
7719fcfd11d005a0330eb79c5b6d86db8d406863

SHA256
905ddff5e07272b821fec7465f8827eb8162a1e26298f29d36382ca44f7fd083

SHA512
9e649535e6327d2f4956bcceabc42b2afc07ebbd4e042cbc716b8d25803fd0f979b61f1b1a63faf5874ce1b7dea1f622d9457c966ec2b4f79cf1657c75bbb492

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2e4181221bc05499fbe9c53569ecdb04

SHA1
bf638e929185d48128463411bfda781c849dd5f4

SHA256
e5cc8a7be0c4449d4bc7e93d78d6c8237262cd64455adda032a449bc5759d986

SHA512
0862a3699b15bee89ae7f3d195f1deaff7c1398af79519a98d4f80c61781cd2b149a3060060013eed75ce1535c9779893aef7ff68f7d760a92dd672e4118e677

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
356376804d5e8115488110b1e96df937

SHA1
84983ec437853f485b5fe1fd5010e4edf650fc58

SHA256
3c9aed59f78d00e0f003743baa17f05f28ebf7e9ee5e3c94d292ec650ce7dc13

SHA512
b24a69d48270dac963769704f570612a48feca9b724b531ad15155069f3ce692039e0054f74a5349df49c8db2991c5b7ec109f98c38ea56d74d123fc36998319

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
38496dce58b0cc2a37b4223eac62a12e

SHA1
6400c11b81d3e04c7b926c85991b0303e66aa423

SHA256
6d71905fe05c300cdd7f3303cb120624634d2585e2fd7190a14c3f37da3b19ae

SHA512
8d129cf9092c9c2a1b362e819a22f303b97694c1d4b0c468fdc3564bdf14b216531c2109ca4baa3a052c3f67667c49e7b8cad841e5a674bdc82ee683d54d98f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabD8E3.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarD8E6.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit