93001d37f5a2c7ef459376b5b96cc8c78f8c558ffb784ba58979d2ec17abcd8d

Analysis

max time kernel
142s
max time network
145s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
09/07/2024, 19:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

31a277efa122bfa36640d794b7a3da69_JaffaCakes118.html
Size

21KB
MD5

31a277efa122bfa36640d794b7a3da69
SHA1

d290620ffc8a463fcb9226799072110ff6a9aba5
SHA256

93001d37f5a2c7ef459376b5b96cc8c78f8c558ffb784ba58979d2ec17abcd8d
SHA512

8eae6bce25af9a1aaa8d6b0fe3e0e04aeec1118f3799aee0435b519d6c5f6a9ed8108f3eadb6fe6c57c9e18872c3c3b3f11bf0433330c0657e173743f6191e9a
SSDEEP

384:SiGjPFr9DevaIG8yWWQDdr6d/X/+54KMH3bQp0baOuJZTOLuLg:SiGTFr9DevamyWxmd/X/+54zEwaOuJZg

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 8014732f3dd2da01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000043174f1aa2314a47aa677ebd5ad1f6c70000000002000000000010660000000100002000000001f9a1fa09a468578290e3574fcc86fda42771349dc9c71fbeca8dd8829e5d34000000000e8000000002000020000000d2e9238dde9e787ec6a9bd0662311df2a5093c67bcc62b34c344e186a0f03cb3900000000f530ca3573e86c3c8dec9a89aa3e1de9e1281cfccaaf3a5215ecbe0ff0e64fcf66bdca960873c0728a82caa465834823c7c07fb0e665fdf5411f24a3102098b41af6e9d096a8914c7eb2b1dff20d471b05bd7eeec0acf2291f0c32b98d3cc6e03923d0ee31ee272e93b8aac2d499f625a178d25e44f5d7e37c63746cd64ba1e23445603adcd12036921124e40396d4d400000004adc902935757308f63a93307d71fb573912f62597f48eee6fd07f8e1e5284465f187d0799f0236b921af9e781f278f966a2a3537f55bbd3dcdf33e206d8638c	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "426718150"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{555E33A1-3E30-11EF-BF59-526249468C57} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000043174f1aa2314a47aa677ebd5ad1f6c70000000002000000000010660000000100002000000059dd27c427971b12ba075a59a8e7dea0f08a7c29dcecfb3d5dbd2b9c697e710d000000000e8000000002000020000000d9980644bffec3c7b81f5bda10a053dcbf7f627b519c6b4c5bcbb9d83c92c01e20000000da2195ae3ab0ec03f1ecd4e217baf736447b99622c1d9b343134055239a6e674400000002f7598bbed5376bf4d96ab03921ee102f81da035ed663a3f1b4c65b1c45561598195cad2441a9836a6de3f66c61d34f63237376c6af5369fc556419e4a21d529	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1740	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1740	iexplore.exe
1740	iexplore.exe
804	IEXPLORE.EXE
804	IEXPLORE.EXE
804	IEXPLORE.EXE
804	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1740 wrote to memory of 804	1740	iexplore.exe	30
PID 1740 wrote to memory of 804	1740	iexplore.exe	30
PID 1740 wrote to memory of 804	1740	iexplore.exe	30
PID 1740 wrote to memory of 804	1740	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\31a277efa122bfa36640d794b7a3da69_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1740
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1740 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:804

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c6de2f3f73d0b3c6d23db534bb8e9cb9

SHA1
a74f6d750126628d8c108da1323bcc1aed8cdd70

SHA256
05b33dda9cb5164ed1665e098dcde219aada0a8dedafa6a1dd5970d364559593

SHA512
20487c62d66e573b511071bf99f4e0dd7efc05d50597fc1240cc11ffece59db0760c98b510d7647dc3c01ef62b1f62b2370eb2786073129c9f0f9b7d803ad425

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
99c40005c07784adcb5bfc5dbfdea401

SHA1
220454f76a8506e8d6dfdb9fd04f8716eeedee24

SHA256
55aff97a4e902e82a0ae72890e5f0a9924b47632e3d6d1a117f7b051db41f3b1

SHA512
4ebde73cbeb801adc48833c59f40312bfed2999a2d5047b22278344d8be5cccfe91cf74167bc4b8e7a7c70570c2061ef502dfa955fda126d9243ad500752a8ae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6d6ad350626d301e3c190e3407405281

SHA1
394e18fea7c5843cdf90641b83bf3670c128ce77

SHA256
deedd8ffcf8799d6b2e7506295e48f23de3452afdaf57a0b6f3dc913c3e9ffcd

SHA512
293db564444f0f3a3422d097107cd3c8beaaeb57474ed102c2e81fa185c2e715fb43e490269f1339bcfa934f3151d63f2b3e98bbadbf37819ca14d99f045cb28

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
08d86a2e39668c57dca1257ce9f87686

SHA1
9e28660260a6585394398be5d9601c740d14b95b

SHA256
9e84e9372eae49411c59cd2836c8581cf3514c339a2b4e2f5a388a418144e8ea

SHA512
30d8973e68404f266329475039e411931083679b5ad3f1cbeddb8a052961536a0179128afbbc99bdaa61771810c9ccf4af86d057fed5222a9e92d055a284f482

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ae55d9f3f556f0dbac19012d0e12f55f

SHA1
d89cd994098b40c7b5d7fcbbb31a8d4703d23eef

SHA256
a9029859cd44c2339740817873c11072e36ed5b18743d986090aecb11b1b03e4

SHA512
2cd6a545d216fe018f2305a9ab81c2f5e3e382ecfb3e07c638c2a017d8286f66a20fed32a0707158b40bdba67c2c102f8a2032cafad0b1a7586b919459678cb5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f0a5803d9945a2831cd31f95e40c8026

SHA1
86c1e7634eb45ced9512901cea974610cc782bbc

SHA256
129fbde2b7034203ddcb41d9d80e613367a4a11aea333fe37051192183e5517c

SHA512
f6fd2b4186ab50c064669cdf891650202d4c56a901a238dc44f9058df54f6d7696a2504261380031098ede5125ded5347c1d35021b6368cad1fa6cb5328a6f01

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bb32043d5df92a1d25e80a4c77921bac

SHA1
85c9e09fbcfaf486d6b099c9aa61786d5362281b

SHA256
81887ea38173a5c5889d457c026cf53dbd4c290dda18238d12b0754cfba641bc

SHA512
9c9b2a7188e1497288ed8c152bbfbe5743e2fe7f87353125b0bc9fd31697032813424c2e54108fb649305b1db22b9df556a8555608202b591490153a636c521b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7a5b894c410619bcdc449472a5ffef46

SHA1
31ce2ecb140a157ac165472c7894a33b1309266c

SHA256
fcb3c511e5e800b1efc03acd1633d6e594702476aa34b3162e6d68f8ec7eca16

SHA512
a23374f520a2987df59e7b069568f781a0e791e26ff86ef8451d9c9085e60a0cfd24e61c98d6b75ee70ecd165074313ed37b2ec660be394d9c903800a2b84ea1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cee0e088e9271da60586e8589e807218

SHA1
6cddd91c3c18afb9d66c697961f4d3225bf14480

SHA256
070d2dacfb2ab576005d6e6d16af61e9d9ff74aa0eda5f528f573dcf4283638c

SHA512
040242c5e6492dd7b7d64d342d28a094146791177bc973e85a60c8aecdbfe4872128b0b015edf12e611d85527079edf0a286ad1181b0337551ca58f4cf679378

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f08bde3e1bff2616389b6179ddc49b78

SHA1
aa59257e8e6bd8e59386f65f49d50d750c25de94

SHA256
6b2531a3415e722d01353e98c5e6f8a028eb373b50a8521899da6a53a0897daa

SHA512
08fe4b0150125a7516a660bb0d2c1f908ff2bb54704d2616f1cfd984595cc4814967f1e9f52b5d9a80be82f84f3524efa2fb95b586992eb71779c7b3d478eb6c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dfe62d590916b7c9441159a9ee01184c

SHA1
72f38d8e4afcdc88ec07796e9f0cf2838765598e

SHA256
5ad3ed4d22e863b235eeb59f51b7b3996161aec1c936ba369c617ef5fe88b3d5

SHA512
29412e696da625ebbe32325c0cbd871f2259ae282c775599f290b7b95979782f8505345a20aa92daf4ebf4482a18c6f63d5f782e98d385dc60a873c3d9c3b8bb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9c7d8c17d19cac173c35a3e8ce3a2bd3

SHA1
0ea8e924fa8574242d276dfaef97289c9337f6ce

SHA256
d89cb3cfd6561d8e28b936b9f1a7c7c63b34e0eb96166bba135cbcd02cb6d81f

SHA512
218896c341e97d83be3eb919c693ca51375cbd83895d1c95a816f9aa1cb6e838981e58c92c30d67b4db56e75620ebedf6fe889615fbef2d1091c2fccbaffe0be

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
79094bab4f1ae9ddfe65db6c7c7de7db

SHA1
40f45ef0d73f7a47f782e32e95390a86fab3505b

SHA256
a96f635330d223dda5c69bb1c39a38ff03c01092ba096d3ac3bc2415627d04de

SHA512
32ac5f1df3d7bb0c1f6b7128bbd81595288a70a25884c41ce0d09cd8cc6eed8d1b9739343c867f8dd762b9a9779bdf3a1b8d1914909ed8c07d8987516f614716

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
34b37c2f395f4f794850c790cb1403bf

SHA1
9aed00c4d74b327d2728f3a7d5ebde2561be7ff5

SHA256
c92153a24ca5632b520b0a92ece49f520fc13fca8ef9260d970023a2298e43f0

SHA512
00c3e1c22e5634d02324648e84aa3f7cc9475bda141edae64955d678c8095bfc16ebc2441edf2f375040220595340ba3419cf948efd154c98ff371aedf90e0c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
afa05be64c2c33d20d2ffb4823face99

SHA1
9704e2ce19a535bae01980f4e2b663b66c42743a

SHA256
da72c989c8267ac468814a3e96cfafecfe5cb05655cd3eaded3d72bb15cf8f4f

SHA512
b37b392faf1936e273d176a7b6851a3114a07a6c0520dc4e4dc60b55b054191d33a74567ba6818ac1947cda0d0a459757ec9b428cb90be760bc0c86691984134

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3d1416c209190854a956e703f078e361

SHA1
5fbdf52d12f66e3e4297c7debaffb3001b10ff62

SHA256
36826e5042d262d3fd2d0811a2b75477a2407d66a836ae57dd2e9baa27d75e13

SHA512
b58b5b0680310222fc6fa170ba234988f5753fc7a4e251583900e859015f924f2577fcc75cd2e12fd2e0c2329141171de8449348962ceb4ed20c28ba70104c3c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
73179e3780b232bf25b9a9cab1a747ee

SHA1
5808c3afc05051300c3145f1f2af0332102e3d97

SHA256
203612b857d3166809b3dfac1fb9f32687d7721d74519c22cb6afc172f736452

SHA512
28c866a7c38ecfe592d8c82541e9675c62ba44f1dec7a37db93b71a635d5fc4475ae01c85d4b4fabb7c4a1dec4678d5db66c4e04ef2c3d8a2baebd155c023e8d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
85fd5e9763391ff0adc6f4f6c6bb8e9b

SHA1
2a1c58a24cb7629a02d5c87f2bb699b39e78d679

SHA256
6497a31afe67f1b7a416043593548d447c067a1060f421c23ad2249001997565

SHA512
82f24e9cd03c6bd8bf3261086068552e4030120aea66f260f52f0ae57cc5c3bd098ed6074620844406cdbf422ca2adcc053e2fa6936a83985f02b52ed85bc29e

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabDA4A.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarDA4C.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit