15be63eb69b9ede69e55cb1d774a242352e63ff9e1f3cb11783642297db8a8f6

Analysis

max time kernel
119s
max time network
131s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
09/07/2024, 20:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

31cc4a017bb5dd661085ee86d04cedfb_JaffaCakes118.html
Size

10KB
MD5

31cc4a017bb5dd661085ee86d04cedfb
SHA1

9fb1c7f0faa6304368da71a7e6583ca9b1fc83ab
SHA256

15be63eb69b9ede69e55cb1d774a242352e63ff9e1f3cb11783642297db8a8f6
SHA512

e7b9b6644ca8045a5e680665e43ba99011d2ea9854ed200d652b78a831193eed46cd8abe67526cbbd2b7d67e73438c5c2f76c7c2d0d0c056c061454a83cc62dc
SSDEEP

96:uzVs+ux79dLLY1k9o84d12ef7CSTUcGT/k9zZm3pwVCGnstTYSlVHcEZ7ru7f:csz79dAYS/VpWwxnstTNPHb76f

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a3d5a058b71c4645a1a6b8b9d2c7fb47000000000200000000001066000000010000200000008bab2b642ba9565d25e490b028d5e5821124f3a70a6e1d7a2ec61f4dc5cb84e0000000000e800000000200002000000070305d1a6ab3a3e85bf735507692e38095fd9206551f97fb9e749ad029fb5ff9200000001749e1e0f99dfafd67c24cbb2fa4000be113c25c6395d8884958b948abab86524000000060c62b2ffaf0034b3852ccd2a14f0b228a0dd6fc56bfbd6378786714b220f02abffd64f83610547e6d6c7032afe6876ffb1d2abe5588340534eb5bf22f7da1e9	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d01add1541d2da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3F556FC1-3E34-11EF-A205-6AA0EDE5A32F} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "426719829"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a3d5a058b71c4645a1a6b8b9d2c7fb4700000000020000000000106600000001000020000000c6c75bf82612d74bd66e039a6992a51896e510106c48c25533d7069f56199c0f000000000e8000000002000020000000ca758c2cd7ac67aaf221fdb0c956d9d520746680d5294147956608325c3c036e90000000d54ac51464d81e7d21ca89aa308378bbec1606dd1f1cbd204dc16c46365c9fa3af654530aef0276c6e53d2023e11f9bcf9f991b9cee226defc56113fb6f019bc2a07e4ff92103402b67f1387b990932bd43fe23e365a5f83d5c0cfbc15c9cafe7632cb6cc63cb29242fbd3f43eaf4712febffab31c2a5e3034a8453c3dbb64c5568a1b9c1408cfb13cecfacfc86cf81340000000d21dd7d468480a9f2de5bde730ec462dee2cd813cbb222ad17477b92f206ed8f662091408c269b7cfaa7bfcdcf820ff239c8782b4ec7a4d4b9d8fae7210b64dc	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2552	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2552	iexplore.exe
2552	iexplore.exe
2400	IEXPLORE.EXE
2400	IEXPLORE.EXE
2400	IEXPLORE.EXE
2400	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2552 wrote to memory of 2400	2552	iexplore.exe	30
PID 2552 wrote to memory of 2400	2552	iexplore.exe	30
PID 2552 wrote to memory of 2400	2552	iexplore.exe	30
PID 2552 wrote to memory of 2400	2552	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\31cc4a017bb5dd661085ee86d04cedfb_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2552
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2552 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2400

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
68a1f35cafcc878710dc1e11878389cb

SHA1
9ba9e4c21098b6bec890d5005aae9e44358eac65

SHA256
b58f018c95f0135634e4bca4116486fdc6ad96e709ff86e79aa0bf8313f12ba1

SHA512
dca1c242c281e31988aa7a2fa6b5fc36d3b57f99311542298009ca95aca4d395fc754239f7bbe72d4df676219bfdfa3796f8ba01bd41ac653e780cc9d9d851aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
278e026a8975eba56150ac2021d26959

SHA1
eb30ed12ee1c0cd3e680796f48852b0b9ac74700

SHA256
16dee3224f8626444fdece5a48eb693082ca0eaeaede1e513095afe87064169d

SHA512
ee34f62e8d4ff67a1c3564d27dd89e3ce62a9d783897d89477948b1bbc94b6e08a78f01fb4b71dbfba99a893fd1d95553b6b24b159c3f6054f93cb7a18202f9f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2553b9cecc1001b358a6b642c46caf43

SHA1
4ac68899a7f6aece21865fc3582e31e3dcc0f3ed

SHA256
da35699f36611444e0f54f3a0c9f5beb0a91ee2f135d474694ce9c3a4c55426a

SHA512
4ee0982b95b4a0b0f53ed5fdc97227e6f98bcc2b690ced0007da78952c0f5181e91f89bb33c3f951a4bc9b3838fdea41686cec92cb209ce8f79b03b5e3bf0c91

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fa23cabbf7098d7f8b613b9b5970e58c

SHA1
ef5e834c358c753f96ad281ca5d364c095472d94

SHA256
4ea6a6b67efb2d991b439f965cb8c75b47ce0d3df978d0b828e6ecd52495864c

SHA512
e8800985c881318cb87f8e7ec2fa71fdb775537ede7e4f61468c411e71671b673125c80895ad6ca7f5acbe4fafbbf9b7b3ee24b04a2811b38eeec14cee9d5e02

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e922928767caaf2034c59ca22eb88d26

SHA1
706716c1bd44341d7142e0182f324e6b794a6623

SHA256
409a9f611b563cd4c3d505ae995eb4d6ce3ef89b0fe31ed900a3c0a43cc1ee83

SHA512
c210a5f6c389ec70cdb021bc918fabe77cfd2b1d7e957daf632baedacb670e7c3d8b7d5dc4464d571005789c3eb761a5caecc2f01310e2079ce80ff60cbd92d2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fc4433315018c7f877dd1da96b3f96ba

SHA1
d9d0f27b36869c849e6968d5564abefddb6817b6

SHA256
9f98f55143444932b730db63c05048a6acd0c9ebe50d4b3a21f5c5eb47400a56

SHA512
bb027e5dc5f7604fcbdf79db6e840284698fdc6544c65b3d1e0da2744a997e3844e88450721d6c675b933bf7f436df0f988743f0db54ff57ab831e724910c766

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e03c3ff5a22e17af1b59b5b09e49f31e

SHA1
640712d2881b75c18ca861f40d954dd89c9cd2c5

SHA256
c3ca4531f42f7129fb9e9baa180f183366d8497fba477a80645fe70db064c459

SHA512
d97f887383987f8aaa89a4b5dc57c05a80f9206890abfc72cf3f273dbed553d1b2431c8116e39d6bc471820ca607e70712692933c41960cda274415d9c31c3ee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ea5ba0a3bb2c6e0f3a5553936034ccb3

SHA1
ea4d1c927afabd323916278ff71f25b3620200e6

SHA256
08300c1dd426e74729202ff114dbd14fa81710240f42a40f90032f1b2057a311

SHA512
a56253d130c9715efde1e87c1cf22df1e4efe6a81015e2ede62d827868a69b8f485cd8ce72a8c11f2c4ef6f47544ce5f6e6fc1d5814787d02b1f099fe3ca0763

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
70f1d9905cea6aa9687135926898f5c0

SHA1
008984529fb6f3df6fc4a7a3f1f7a933673cc427

SHA256
160bd2a95793dc21244ac147b1ff693b649b87a58efc7278f23687d299132fa8

SHA512
effe5957ddac7548abedc87233b91dbb2cafbada34e11efc30679f2a48dfba0cd2069570d577648cf0005b02841d58d874e4c08d9b42785a6806d693e81476c6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5bcd204056dd6ad2d56ab147937ae925

SHA1
539c95af525e854937c1a4050daf42a3c7c69a4f

SHA256
d9debc8e261a256b55ae9f779bc24f6ee45d45a55dd2c3de28671fb316c9d63a

SHA512
4a7de7573b1902caa0a8226764f682456acbe32daf644ae859b0882129fa25749edcb00edf50e36b3ed9e51d7d137aa92b4e5a2e61a19bc4e766bee246ba73d3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f6b677e6c2f089e4ae5e864d80a57256

SHA1
434c25357b2157dff194004f782de0941b4983e9

SHA256
590c4b252767d8f7a315495858bceb75c541431d953b39e80bd3776922090d96

SHA512
1afb076b346b309f633fc25e401d6cef5f5e357f0d965ce777fb9a1c4f2402ef31c9d88c1d8c946509ab80a4697168e0ad8cf8d4bd78f433f9d65b2800be90c6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
727625138d33e1b9841c1acf15fecd73

SHA1
7f492426d58f41be7da731c9ccafa3f41b8b7b61

SHA256
62f839a26c24f4e9ce709f5503c04c326656fbb439ef6d42e1de058fccfe971f

SHA512
9d169b50422fc558dbb0d81192237b339a619a6828f6d970f96c6578a7a86bded891ea3ac4d0648caf0e543031becba0d60f341149b082167028d7ef452bc97b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6ad0a2cd2a52a937311264db95e1947b

SHA1
e3f867cfc89690e4e0b8e06029b6034be709b57f

SHA256
1980319ba60266a55fa4dcd6bc0a0b63434bdad994c455defe50f3c056d4eea9

SHA512
cf364565399c6a614b08865ad37f4cebee4346929ca3a46768932baf85f6fef8a23bcf16dd32c6503946ce5193210fdb3f9cb5db29eb2da836a56efe022bee58

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d4ec0974c79801fcfb5f4da9f5421081

SHA1
ea76a6b6f81d489109af236f420f046300b40d9e

SHA256
0994c436a7841516affa531a04347829f2d617e6ff7de541dd110ed5261ae823

SHA512
afbd24eb1738a4899744b6bafaab0c91271e721f91750d945f21388f3f798ae63df5623b4e47dcfefc59c31ba0c56b298af47aa7bdbd70955e63897e04cbe106

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dd979f9d1b10f5238f0cdd9565601666

SHA1
6120c01e1ee1cc66d219e9e465804193cf0c6f1a

SHA256
4bc3804b34014e6fba7a2b3c5ee91c55d915e43a35265b1bce79f1a11417f260

SHA512
00d9e58705b104003e652f85b963da101c0f61028b183bfa85a8ba21fd4bde85f5950381c92416af309240c5d79719dad0553cf681b3a0aa136e39153a34f9f8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9679f9384d4a5dc857001153f798daab

SHA1
f6be538d321f85e54c1e613c2bfb43fb018fc456

SHA256
20e420b1e91a2453dfe1141d85412b64ae9db5165924a4bc363fe7d9b0791b7b

SHA512
155676a4822fd881408ccd1040f93261cc95fff4cf47bf1485c4fbf4f2485eb76dd88f926659b3e40d4663ed4f566301f660210d381610f8ee575858214536b0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
19db2e8964ad741b438e4cd608200190

SHA1
b504320439b761da44d2df55621501495ebe994d

SHA256
86ecc7ea913208c65690f9e3a968f83e2c14c2d3b303b3e49e0b82b077356c54

SHA512
dc50aea723f5999527b29722d24505e001384e7af7904436d7d9ffa92667c0851ff761ca9749e5f1e2636a201eb97c388b69912af44068e4f19ca7cb7f47807d

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabA989.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarAA3A.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit