29be213437b0f30339be0d96054d51dcf63be4ea6c935955e691a3768d90ab08

Analysis

max time kernel
121s
max time network
128s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
10/07/2024, 04:44

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

3356ea26e99f0ed7c00405c0b6d76438_JaffaCakes118.html
Size

9KB
MD5

3356ea26e99f0ed7c00405c0b6d76438
SHA1

115ad23e443a80f7b56002752c133621d47d28f1
SHA256

29be213437b0f30339be0d96054d51dcf63be4ea6c935955e691a3768d90ab08
SHA512

ed7e2e31f09c6447b6974f62ea18e74a08a2f7e64942f49fc1bf6e025a33c402b76334d563528cb2ee0897f5d29c2938f0bcd9e0dc8b6f75315df650a39213d4
SSDEEP

96:uzVs+ux7bmLLY1k9o84d12ef7CSTUzGT/kd6pNQlVHcEZ7ru7f:csz7bmAYS/mONQPHb76f

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90fd29fc83d2da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000082ebb0b9d6f3f0458e93e15bd38f268f00000000020000000000106600000001000020000000cc2d9c5cb06aafaa448c6ab2aa3b74fbf523d8e508f0d782688d602f077e369c000000000e80000000020000200000003311fdbe1050adcbef39a232ed86bdfc7223b39c9fd7eb6028bfe94a23a4dcd52000000022beb7c58034e6b18769792d8f982fa4ff8d52bcbbf723d12759693524d0cd8e40000000fc419779018ab99027d270955cd969e8dab5893cec57fec9d978fb6bd9c37638747c50f597750dcd5887253f7b585a9cd72afb8dee063b2083432a0e0d2ca847	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000082ebb0b9d6f3f0458e93e15bd38f268f00000000020000000000106600000001000020000000388152230dbfe733fd1cb21594ae7b11b4e66dc6b073ee14a120e2df80ea9a22000000000e800000000200002000000072a40d523b76dc3a45bba85accde37a4252e7856627b176ad919ba4951b65bab90000000078bc2e12d3e49165428ee9abd50cde46512f0aad6313941e926fb5e6f825881cbfd34cdf0f6b49eb00d8162416f6b1d08ff20c95694f6270227041ef41f8225e188905b48ea1c870d5b038b016709fb99902e2199dfaef5fe198f3fdab0845bfeebb13aa8a95896639558364b91caad47a2b9df85c602cf21b3ee825442cfdce57668073fdd0b5c684ae1cc4440fbe740000000df754ad03a1c4f7c6a9a4611c5f2982db30d43798039eeea1c78006410c1ddf8b63386919ba605acab3521646461c9707bafbfb96b78e96bbe4ddd30a2096a73	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "426748560"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2588FE21-3E77-11EF-BAC8-6205450442D7} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2052	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2052	iexplore.exe
2052	iexplore.exe
2060	IEXPLORE.EXE
2060	IEXPLORE.EXE
2060	IEXPLORE.EXE
2060	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2052 wrote to memory of 2060	2052	iexplore.exe	31
PID 2052 wrote to memory of 2060	2052	iexplore.exe	31
PID 2052 wrote to memory of 2060	2052	iexplore.exe	31
PID 2052 wrote to memory of 2060	2052	iexplore.exe	31

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\3356ea26e99f0ed7c00405c0b6d76438_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2052
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2052 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2060

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f8ef4a4f23af82bd19c52338df2982b1

SHA1
91eb1e9fd1090218f4f9aea4f46d784082b0bec5

SHA256
bdf7174c5d432be34823fb94e585d45d07831d45a42657af1ad79e44dd84c1b1

SHA512
683d06a28c3d747953887c768e2e145e3d16e3718e03e9dbb4572cf61d53879cbfc2cf67052820f2db349ad714fc292b7a4bda7e811aa913d36839822f384954

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5d2464f7f93fd8c0f8e18cced7d92de2

SHA1
1ac7733dff154551f4610301a2780dc99fdb321a

SHA256
ae25e296e747772fd319ed4dcebb4c6166f80636438e8d20aa6c1d9df1292c9f

SHA512
e09b526c2b816089c0634d867f1857b24807100c5bbec45e0ad3c71a994c1ea67428fb4b68a9390e58fd9a08afac3f4155f92213a17462b2209ea8a3f33f2b2d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
54471d235b3b99a60f5c24e51bbb5b8a

SHA1
52c674c1594acbadb8cfde608d51015d1775b98c

SHA256
7543dd8d97a3604c2f603a1ff8ccd88620c33cd7165e3ccea4809fe55602237a

SHA512
0de799e3275aaa775443683f6231fb1321ce4b1b67c62cacc72e16d96bb8ec96e6e6e61f3cb9dbf4cc2dda1da3c4000c70a4968d6d113807030cb7720be80168

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1024cd8cf541dfd0aca2bb7940b054af

SHA1
869749f628c26a31e1896f06ccd00f7237101394

SHA256
020098f775e8bcecb731d64e53661ca7064129dabf233c42232475b1a78704b2

SHA512
4c0280fd1fbcb826c61f532adad0352ddd1ef4f0b5787c3d80bc4d94b352a157cec4e00e136d2e33ca242da256593c0b01a74394acacacac713dd4b47241089e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
057463099d4ae2acef85a21e395b6e2e

SHA1
4d9ce1acc2c954cc6925dd89b35b8a2cd4948227

SHA256
d145d6f5ec09d2f0356222c70c35aee88cdd26b413fb04987af66ebaba5e2bcb

SHA512
3163abdcde2206762147dedac01c4da48ef46b293cd90bfc9481e28b907d4d504b9943be32e9d4b4776783f4634e8e3d62723ed760b0060fe818fce231de1897

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
23546c5b348001f68f9a8d5fe1773e76

SHA1
eb72b552f88a3db1e51320703db3e6f275b931d7

SHA256
abdf5b730cbbc4674b5b52fef71e00e04667d4164c7536193b658d87f69abf74

SHA512
71cb0ab2720eb26b4be9bb0cc6fefecdcaa9e23d063c1ab32b2e36126919991daf3a15f5e259cdcbcac6890e00e3f9d0c2e8f20a6700c8459e49c929900846ed

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ebde9dca1b8b461f49960d53c7bce728

SHA1
773cbde9e7c3a5ac9668208ba361114155cc3fd2

SHA256
a6cffef3ed97ad9316b42f39aa2cdf2d2de2de2dfc4ec18be5d1cad61aed79fd

SHA512
b29134bd7e563450fa3711f3c340f58d7f140ffc03401faa0e49eaedba8c1a6b54c05bd05835546fd1751fb987d3055292e8ff5d744ebf2615772be31c7073dd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
760851e4f466a68be5fb189589dd86bd

SHA1
59445a143cfd45241158fc4dd8bf202e8c31a4d5

SHA256
6edb641f7b297e559a2a8b78bd38cc0b8c41baf439277d15c0f58ad9f7bfa9f3

SHA512
923606495b82e988fa01d0ae3cfda9f6a8b1629452df735dc630f56c5d3655978e1b12d4fbc7e8346fc246ac37b7bd91d0daffa13fb93269fd1412b12076e58d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
29c7499355de2ec323a6bdac205d1688

SHA1
f41f5f8f2a0f9e27a1cf5bb7cc1679e1da69faea

SHA256
2476b0859a309ee9fbe3178873c7b7be2958c59284fa7e5be83b8591edea5f12

SHA512
9f9c312d44e6f35fa373a4c3c2c0d86c6b383ea7f1682eb9172bab212a533afd45c2fa190bae6cf10090ef0e323bc51ff78404a3e9cf3331dd2c1ce2d0588e00

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
50b5b505583c624ff92813258aac30bb

SHA1
f7ff3af1e735607997a321400b49eb7b1a752897

SHA256
5aa6bbe398a3343ef1443e919025cf688dd18379aa2465d079179b3900764309

SHA512
b9aec0d236e967fb2ffe70d9bb3cbe401c2d09d3f0ceec4467ecdf47dba0dd517d14d7a7afb569dd2343dd3fedf5a4b498ef1e464cdaf8f22d41e6c029839b9a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7c82a761972da309be7d29c8dfaaee16

SHA1
dd1205877473292438c175503d9b3ef9a5b01721

SHA256
54cb7d16ecc2c000a4db7579c7bb03b66163f8c12b8a8233107ffd8d4dd738ea

SHA512
5ea2904ea1cd3ffeab9f687c623ac0bec7f4f3b1573b5ca9265a25801f9cbd00a4f88f5a2c9979b216f773150bdef79d6c058e759291776c043a03e0822e9faf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
da8913424b15e7abcf8abeb740d6d792

SHA1
72bbc8f8b4d201922ba168155bfca6de2771c2c8

SHA256
f930569451ecb2e8b4cd021cbe67412f5a5b08c21987484bd8dd7edd35a4214b

SHA512
7c89dde4cc18ea99dcf8062a6742db0147a8e5886d7bcf94be9499acc7921fc75ef7a329faa72f1b7a49aeb43bba6c748c28aafc5cded99567afad463d242e5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a680d8e02733da7e6c6b242fcf871eb4

SHA1
4c2b2575eecb8950534c850a1b5ddb2756687d12

SHA256
8c79f5e7c77bb5f786bcbe0be3e0498df4250657bfddb0a2af6f1d858011afd5

SHA512
b446c9a84efddfa14d6cc4448be3bcb1becea3bbabbe429c61c90838cc5f12afe6298a090f0a8ecb6acf0c22c7ff1285f38677874785b083e28a2b04d88b04ac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c19155424c6f63f5071898413ef1a98a

SHA1
ea0b68d9afe6c5bfeb269adfc8531b6a68de8360

SHA256
8945c07516fa0be387b55c565a6a5e4187a03d61ba20278099e36f9ccd2350f4

SHA512
10fbc266c91e2415e02fc84250684d37d88d14979f3d5be7e82e595b19766ed37ddd860015b505e98798f33552f3a104beeb668d8a1776595fd76afef5fb4d61

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
295ab565217b919c19e1e70fac4fe171

SHA1
64e5cd5d6defec80b16af1078603d10c5b191f33

SHA256
a8933fc3992d05fc01733cc4886b53c5165cf2af935a6555815ef3ce9fe8aa68

SHA512
22421dceb2a2818521a0e5ae3c20307ba9251387f65305751081415d6adaa9808fb0bb844634ff219a4b83abd6abf4a90736912f0a25c3e56213b27c2eec4a00

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2f905c7b821fcc45e697c19bc9ef491b

SHA1
26d99758566453c6367b35f700fb796b64c5c371

SHA256
61c4cd034b421e08f5727c9e392c63e4bffbbcf0147002c14aee3dc193c28be2

SHA512
25b89acd32f53892290be7f35eb0bb69f2204eb05f647fcdb06860388ab11d02e7d17dedd6238e68346b8c9cc73039409c4dc7f91812a0fd95d56269411c8206

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6b30a9d0eb8eeecf65f87206cf5cdb43

SHA1
ba760474d3eb4b174844153adfc6310311506393

SHA256
66385d99bd8da2fab3fd6f65d661863cd185612dc81862912fc08e136e2cc694

SHA512
612bbed3d66b65a181119d28e1d02d433932839a5f995f95088953db4c54186e5f6b8cfd20b5c39e65e77bdccd96cceb911468d842b4edb4b78810bd6e9d7842

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabF2F9.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarF398.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit