d383c714f92381c9655497fc1f998d3ccd8304c3deed672977a6183ab805b55e

Analysis

max time kernel
122s
max time network
128s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
09/07/2024, 05:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2f32dc936c944a7baaca2c47eae7a9c8_JaffaCakes118.html
Size

14KB
MD5

2f32dc936c944a7baaca2c47eae7a9c8
SHA1

207a1b828ccadb68f0c3606d2b786aa5a4e2bb5c
SHA256

d383c714f92381c9655497fc1f998d3ccd8304c3deed672977a6183ab805b55e
SHA512

049b995e0e0c2aa2fc26db4ca0f5e435c89f36a2297c6f3b2a818f776a394647cb15e2d8d9c24f398942e995cbae40ebfa8fd5da0f8a69c8b1aabab63034d9df
SSDEEP

384:QQcZdzQ9Efe36QZYObaHOhaXlyryI8YuZHR:bcZdM9EGKQZYOpaXEuI8Yu3

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "426681255"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003125cc29be9a0e41b44a3d73dc8faf7100000000020000000000106600000001000020000000b8552e15ec886f453cac6248672635015801e88ba2a5b416efe8ea7c00069915000000000e8000000002000020000000ca5c4102f72b1bc4f8efc63704d96f643e05d84d7d877b6a93a7db1ebfee4d0f90000000f15a3747583042239c94592ab29221abaac73134e9cbcd867f1f56a595d0ceec5c3db7c16f1a4410ce9b2f30d7055ac1efe5e67d4744a02416830cc527dc0b6c0c94e552b33c110c2e72e53b5ca5efc541d7a21834ca1850340d5dbdfcb05fa04f0f0ced60841ee8bb8e8d4207016a6edd38988b51cd1c9132d66b9acbfcb5b83a06da55d2b9f5ed1f2eddf60bf8a048400000007d80fddc47c28bffc45ba6c1d97cdff90563aac340f14e9890f169b7c85a31775328bc6eb2425d08e217f26699193bbfe8566fab591c563a7102b364cafa0612	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{709EE0C1-3DDA-11EF-9749-F6314D1D8E10} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0d92545e7d1da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003125cc29be9a0e41b44a3d73dc8faf71000000000200000000001066000000010000200000001037fc53c25debe6491bf72225162bf431bf612167ee26ca610854386c741cda000000000e8000000002000020000000fc25ffc8fe4fc411c95db4b597c0b3d52a33471f42e4ee3bd947770400d3c44b20000000f49cda6c82976de3384a9707d8426647062f2829c4dd327666e85a26b9dfe3f440000000b6fbf4d5a0746404fb9d3915d48a002f4ed73b7e09d31c9503209edfee2e4d911faebada79699d8f97cf9477389ba04802e5d9761c40d001f63231619afab1f5	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1952	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1952	iexplore.exe
1952	iexplore.exe
820	IEXPLORE.EXE
820	IEXPLORE.EXE
820	IEXPLORE.EXE
820	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1952 wrote to memory of 820	1952	iexplore.exe	30
PID 1952 wrote to memory of 820	1952	iexplore.exe	30
PID 1952 wrote to memory of 820	1952	iexplore.exe	30
PID 1952 wrote to memory of 820	1952	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\2f32dc936c944a7baaca2c47eae7a9c8_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1952
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1952 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:820

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
535f2144ff8231597f4711da6bf5250b

SHA1
83309becad5c8b6c097ef6a11ac2e5612cd8d66e

SHA256
ed1517ccb86dc0846adf311ccb7a66ee9930b94a0b6fc6337546549d01e607ff

SHA512
48b6985f789691fe43549f8313ce790b5fe72ca0364ffed5b603ef5a94060fb010d586d0ab277f721f4c97716314496d8957484bc9f25b6605f310071d7a4382

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c913ad4539c192f99e6d422d9d18df06

SHA1
307012dfa9137c8b0635fe443f595d6bffcbae9a

SHA256
3f558b1ecfa52dc4a8b791092ce27c8326663ea37adab7642b38e027497b75ce

SHA512
32c071654ef6b35e62c5b632c64020b954b8cb0c15cb2541add37e7bfaea4b5ede6f2a576b8c98e5229403099c8ddfa21660f05de7a5ce6be982ff758622495e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0c9077013376b0e1757028500b932cfe

SHA1
dc32dd1b18798fa9f6acc1555ba200ebc764b7f7

SHA256
e74ade75c532b235e866ad05b84acb46922bab4d3c645c9a5fab056a1f28bbce

SHA512
78bb6b9b4341bcf505f5268c36b6999c1a05ba41970129c7a508ebd835e3b329fa1ea27b2d5cfb03614300cdf09636a81fa53705962de94f9dcddabc60d686ec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b15a68e7238350097c5dff14403b8a19

SHA1
4f4395ace4cafeb2f579f2114d7caab858592c9e

SHA256
6eed3dc7dc9a659699963be08d8a499d19542094b1212fb8a3cca3e89898f9e9

SHA512
c9ab294d741ba5c142dd3e5b5122171d0863dc597e7e65d817406865dd7eca2f0bba448f1231fdd592412530e7c31149bc44118ad3b62df9be41152ab8aeb42f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b85b888ee7c3b4c26126b458125258c7

SHA1
d1827b8a965dbb20051e6801d19256aeb2c38c65

SHA256
a026487caba9aa8716c0515ba184833c4de7b67fd18ba828a65814a513548a46

SHA512
c28cba22b07dfc7019bc263a75e381c07a07d36ac4dea8fdaf27003ff2061431e256b79b6b2e1d83c3c1eaa4207a6e4575e5bcd67618376bf7e276adb55a111c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
524ab8235c10db8a5e439c140185a513

SHA1
804fa0f9cd05bf939539e50f99aa607d39be47f8

SHA256
5658b78b23fd9603df612307f8a97b1906559b3a6fdb915a04d104c1eaff0a08

SHA512
a7b1ec1eb0600ad02555b7201912ee854468230628acc7cf98092600184f1ecde78d4c469a82c21216df726ede07a363b1c0ddf59136b5b1529c0286d3a87d4f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
671e93b17d62918dab2a5c8fad44da79

SHA1
a9861330ad212517a94651cfb946e3c00e6a2ee2

SHA256
27d785f7147c525bb041b91081ca032f01034b2e93c6b1a24414c4006adbb38a

SHA512
683f1d62045959efa66268ad434f0d6421765ea9b93061bc27a4743214537cc69a9e0a025fb056a38813f835c81f79f255e180270af1119880f2d834d370f566

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d0e64bc4bcd19477abed32c3415d88a3

SHA1
879bdac7c21c40b119acffa271816709f9a329a3

SHA256
fe73558e884c62b9a5614c43b8b1a06463806edd4e48bb6cfffd8fcf176cbc23

SHA512
2bae3a42c97d6f7341e7cd041e0c2aee5c8e538e8f6f151793414010f696c6eb8a64d5d60c2f840025ff576c3b2a67462d4819205dc41aaeea4b6ef096e3f8d3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
de068cbd7f252d4abdc5f8d34553ed5d

SHA1
0a0dd4e266c266f9cf7ee3b3f97aa40170ddd7c6

SHA256
272acb17c769789beb94b7351c58221a7f19b7fdace74638aa28a3835a04d22d

SHA512
40e560cb51039e45aece14600f694053d19e83352e8325e76a8d46940824a9deb146c3f9de777bda7d8f530abe7d6e66f1621e6447a3778e8bf91db8233487a4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8c7db0c96970817d888de29f59640d6b

SHA1
6f3093bf0973704d8411dbb23aae4d30927d29fc

SHA256
780d164612bbaa7e208430dffb55ffdcbd3f7deb19333db63a3d93e92e168a16

SHA512
47035587a9a1c1d8d42912182bb1fc2332dba0c054aa3c6cb28a1e635fd6d2fc0be015a2c7292a20c65a728904d34fba6ce903ef47abbd4fdcff374975962a8c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
673af928ce5fc63e7b503ad3018d4a20

SHA1
a6bf045a8c0fedeb8ef898bfa8b64df846ceb0d7

SHA256
e796303f6d00cab82391b0070b74b2be424db47a97cff31447d219834e38a336

SHA512
a0bc1e1ea059e111dbf3ad4c11606f3fba4ab9fc293ae8b5d346c1ee2a6b1afc779c25ff1b68824fc55ab0fd7f8e5115a278c17e941288f9af310a7c6dc77025

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fc4afd24fc1a54e2fa71238ba80e3970

SHA1
5ca80e992cd0d77dbb1f69427257065b8e47abaa

SHA256
8cc2e1311cbecf270080ee6f911d03fe4f3fd4f51fd27df97240ce75a6aefb47

SHA512
6eecef42210037c25941a2a554de729f65f70dfce6adc61767b9a5a7924a8530323d0f15e3a4ed27cf9aebf0c171d4b8f2ccfccc7aa173c53da837e521d979fd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c99080d14534283244303478f26b6c7c

SHA1
20445a45bcda6c950fc0ff3153cee834d9ac76fb

SHA256
e6c55a24e7695ca9a48da273e61e8640fca473e8904bdec0055aad1d8fdce3c3

SHA512
db5eebd72524f68ae2279d43bacb3cfeb054116acf75a080ce830b3a44ecc1b3f1ee90e93d8c99ef2ca75c8c4ac90a5ae1e5196b1120f8b53378dd5da12c0f9f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1fe8f748b94dbcebd94475264b0d242e

SHA1
cb01d778fe6eb9e0e1328539fb3c1ec2f25398a6

SHA256
990631725532448330bd301c2470e897146305c14fde943f5936261aec59d40f

SHA512
d72adab3013589ce3346ae482499810091422db280e2c384630d04afda603fc17dd46b0609b8b77a56fa2eec17eac69b5c740b94bd4f7ea577f6921baf2f5440

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
018ec314a7e24d9a61e772ac1288e7d8

SHA1
71dd235778dce4c5bd4f521d96b002fef2b1110e

SHA256
ad50df76774a674a155ff73f5439ce35eed866655441518f83597903799fa477

SHA512
d5c7bdd523f1adc1189091c622294d12059acf4591e19b49b8fe59be4d4927b6d9c3cbb264ff0b033221ee8b2dd72196d5112f760d4c1e1c3460e55823f6c4f4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6edc5f20bf8fcc75e5faf346df88f414

SHA1
680fbac6a407c6c86e6051c1d74a1b4acc34bd27

SHA256
59adfd1fc01d204ceabae574b3e215ab78b83295f979975f3ed20cf4f74e11cc

SHA512
9cf9249a9c67766a6ed6dd1284c0618e00204ef5e855a8863acea3b70e26ed25786c30d10a3d333ce59911bd5790535b6a903553da2f4fec6775461bb169d78a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d67f993188831d6c59f976be396897a4

SHA1
a69b7babe9e9120aa623c177cae22f8e3e7c7f8c

SHA256
4d6a79cd06617c32adc1a8b7f82da0de79fd0880403c17e377c00a6a405129b8

SHA512
ad31d137e9a6921445b52bd8dd0f026fa58efcc556530cdd795a4c492ff3c9cddeeac6e028b456ba4725e40c5330018a51b6cece082963b8383098fbd474d7da

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2E42.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2EE3.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit