b7ece29239c48832003e41536a5357b71081c42eba9d109bc79f84abbbd0b2d1

Analysis

max time kernel
121s
max time network
128s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
10/07/2024, 05:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3387fcea4634a9729986939c416bb1cf_JaffaCakes118.html
Size

94B
MD5

3387fcea4634a9729986939c416bb1cf
SHA1

bfad569add9251e9421bc8e3a8c1c159f1fb2d8f
SHA256

b7ece29239c48832003e41536a5357b71081c42eba9d109bc79f84abbbd0b2d1
SHA512

e953813b4fc8eca7d7f371a4c3945b285b2b1eb8ef0a6d68d40c8e2915d9991fbd13709c4e76e5c408fa62a33adae164a57856aaacee18da8a8ea04ec1bc2558

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "426752346"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F62E39C1-3E7F-11EF-8B76-DA2B18D38280} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000d854e951ecdca4792ad3aea80f0355100000000020000000000106600000001000020000000efd107d51b9da70a00cbdc9804909af2aacd8a8a2f26ebfde860e674f73e2af8000000000e80000000020000200000004c2221936e10bcebd858cd1c6e21f1e9352a79dc32645dc6a2ed7ac51bd8e4fd20000000e72de54dd9b047bd54fe9bcce336434f0b1615fef539a217e4fc465a270127f34000000017255fcb2892e80ae513eb7e9a38fbae272d70481a6c7a2b438c0090499760175f9563e441fe721740bc4a3bbf6f8175b0adff89b7a7765355828e91e189675b	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000d854e951ecdca4792ad3aea80f0355100000000020000000000106600000001000020000000f9e262044f93b69d3bc1ae49080fb29badb1a447f5db7a0c33b867a940549f07000000000e800000000200002000000085c3cb79abb8919546762fe8503b1e4cf47881896195712ca3487b9b0769a246900000001426411cbd5a329e3c6ad9701f4fbef95731981bdd094696113f4069ff8c56821719e2a9b2bb559cc77ba24b8fe33ab5539847be9d146281bd7617fc7eedad3195d72b21cc87bf05bc54d8b931c13ac7cbb5d6a44063d371edbda446760d0dc528535bc51be22ea6b9549ca7e211a1bb67d3b70f30fa63bb631211a48d3a918e8034d55c593d24b985377e3cce4abc8c40000000a2838dcb0ca6b418573bb4d0d366797ef6d580770c3c4ca4d316ad209495535ed37c92a37bf77991d6e41036f9a27d93ba2d23323a4fc0979654abede64b7e10	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f0e6a4ca8cd2da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
800	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
800	iexplore.exe
800	iexplore.exe
2240	IEXPLORE.EXE
2240	IEXPLORE.EXE
2240	IEXPLORE.EXE
2240	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 800 wrote to memory of 2240	800	iexplore.exe	30
PID 800 wrote to memory of 2240	800	iexplore.exe	30
PID 800 wrote to memory of 2240	800	iexplore.exe	30
PID 800 wrote to memory of 2240	800	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\3387fcea4634a9729986939c416bb1cf_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:800
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:800 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2240

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a967526ff4f77a0c26e545e8c5eddea2

SHA1
a376a60fc69e852a57844b147804355bd119377d

SHA256
f9496e08910356a4f962824308c044da587df67a76c5de75f6b3ab578b26aeae

SHA512
06c07dd2044bb937897275d556bdc94bdd8ea2fca6c32ad4429463dba231508baf2dbf89b45f32360a33df3c480b49de79b06f4a1f940c0fe9433eea815900c0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b0dcaf20d7d133f04d39bea257534702

SHA1
28e7f43006c24702380496d5d39a34760d72541f

SHA256
62eb501428c5e6ab77ea73bdd3f18861938f2c26120c3a85c8b68d4f86a89e39

SHA512
f38ec1d9c48fe1cb6c5da14358676105ad56aa4337a573bf411fd57e759cd2551d97dd7653780255f6894ba35719fca025a277976473650eac1e159102411fef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
64872068f26914d333ae955915d11fb0

SHA1
90ca566b63d3037b153f305e1f8aee74c8a1e7f3

SHA256
689a6a6008b2b0d617926c0238fd10bbc91c5bf19840e6225e4f66fbdf1f1f74

SHA512
197ef52e506b35e770ef1403397305756bb6e842121dd5a050626b89af86295f20027f45a9e15c797a237087f81b4f19e24a2b9f5e3010c2779e9f68714d05d8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ab6b5678ccc08ee73869dc3ced9d2908

SHA1
847656192a16f28eb362df202f3cbb6901abb0af

SHA256
dd9ac3ed873d87ec0226068b63c52a55d77db19f126f3f72215ebbe908e289d8

SHA512
f882aee8e3f6f5d31257d9d9afecb293bf347b762a83bc1545d08d6bbf17cdc0ca4d35ac8280237659540f6b29b019c96b8a5af43b28eaf26650460d8f8f4f42

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ecc00664ccaabfffc8e525c935c01806

SHA1
52180c44c97dc8181d3a00b78fe59d8a133cc3d5

SHA256
e4028bc3b959df9022d85953085816d1dd061ddaef8766c31bc8c2c05b540375

SHA512
4ea3385eb32a7a7fd114bddc5ddd20687c7b15f286fef29075373efdd4a51e593e9a5ada047a024f9d8257ab54f956edf55199e54d0a293a65e48fbd0c1b30d8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9eb857b751f4e629392a23fe69b75560

SHA1
8ddcebf79f48748780630b36845e3932930498d0

SHA256
381d1b1e64c7b3803871cdea70d56ef57f4899d60231b35e1127eefe88260006

SHA512
649e56aefa4beb994797bec40f467c28251ba94dd1fc0f1a02f0d050c468ae3bb39e1b2c29dc5fdc617564b882ad6816ba2e087131fbe5ee91f5656171827963

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d9a19c459dca9b6d5f7539b335c923d0

SHA1
61aa58579ef8d1f3b4a93565654409895505a08a

SHA256
a3aeb8d47b5103dd31d12986fbb98697c80578c0e5a030d03932547c1c0094b9

SHA512
cf951f4ccb8292c2139e09e7e0dc5855ecf74521c723da36d72a45715881c9bd2444527dcd0eab0b90a5f31fdd566343bda3ff274e193c67da8b256cb91ed274

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4e979255ce97982ba6a2b3c1369c657e

SHA1
33fcc82ba076d74af34b43c102857ed39be51e93

SHA256
207cd2c9621d134f122796a790fddab348cdbb0a9796e427748db1ba245fb5ad

SHA512
3a26ee11d7ca8bdb704cca859712ba29a8c4d00d87037830c890a59429bfe8a94c92428a289a12ab913289529683644fdd0020f9bd992b15e16a7aaabead7926

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ee11c76bd651c1908b5f2366bf7c2eff

SHA1
f602c0e4c999d7ccef51c75a2550c1f95df8bb16

SHA256
f5b696dccdfe00fcad38936f48583dc44d4abbcca3b3168846d98d15917de86a

SHA512
a9c4f4c2b89371d689977abb8923cfd93302e2cb63557b04c53233659f49436a0243bccfe6f7013c6c0c6c2f591bad4749535c03f256a52dd5ce999c009a3965

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5bb0e351df0da813230036218150a72c

SHA1
f7bfc715dfd67a8ff9a67d7ed20551783c95402f

SHA256
d420fb6bbe603d23d68e19ab837f2873576b7ebcc9d9f2c7afc5504b7fbfac64

SHA512
bc6a9129529bf92f6f1b23ba5418a6e2b20d06a0253b1a716f4784022ccf514b04b55de910d78199ce8d0a4f6339c1c8a52a5cf9931ffa191a04d277ed401a30

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
58a29ec036d24a7414fd2b457b173cf6

SHA1
077358380d15523ce8981d7e62369d6914892994

SHA256
d97c041a6e39bc3351ad1baa563106d74a6bd2a4d415636c44db4430c549c934

SHA512
fd4af67e4622f695e6f9192908a6bf2d62cd34a88d21c5699ddd0595283891e62c2795b08363ff6ffe4e2fa1105261bba72ee222c23d5fe4500c97be45b44d95

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9003d5264374cdcb99f41dd38bdc1d90

SHA1
0c7344318ac47c3caecb587c3797d254043b97d7

SHA256
16bbb884e7c76e9b58f1c601c740af49e371e5a2e6eb5dfb1edbcc2726d2f31d

SHA512
66a1de9c20894ee12ce68757510a659060dd09cb36fe88a51fb2af66cdd965e75819c2492dd5e0a19984758d49bba3f6edbc923ce3fa5ffcec156391055806c4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9ad3563a7a941b5bd37208fd48dca5f7

SHA1
9e74141c17140e314e6d8f1823fb43c6519e4cfc

SHA256
ba1f6007441ccf02152a025be9819742dbbc7ea215809e8935adc42b58d85087

SHA512
fb0b10fdbcd40fd9b789cf69d170aa86f2253a32e3ace8e504fc74893fe4d07c518c19e0f39eb1a169d5de02e5ac89aed64635905f7051e82c6ef99aaaec442b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a049eddb85af6889a26a2a65a6a8d345

SHA1
24d44fe4ee9ee00daad43c14bcdf70db3909c887

SHA256
3ca459f93c922871e6b81452025ed48864ed0fb787ccfd0c1008d882ebb69aa7

SHA512
a2298dc7c56106df28b7c3837b3ca5c0db4f4f576ad1681b0716defc98ab1a136e9c053069ef073a91fe3b35d534fbeb1a16a07cc77fcf609d8d518d5bdb3216

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b6ebad4a70797cd0e6147a29a4a3410d

SHA1
e3331e3c9afde27d32f042d044c6460b5c996c4f

SHA256
47ecbdeda41b956f64ef469fb2a593d9d7a1134dc221562238866bf06e2331df

SHA512
5286a7972b655e381605b31604f0da62620567f5c9bd982702c2dc2711e034f9e64fe6c67872d8d1f241de22e33eda00f9d1ae2686e85cd3790206499e236778

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
93eb23a8abe947251b562adac1567983

SHA1
c4cb97c49c5aaf17217842defd9dd7d3f21f375b

SHA256
83056f5166f80035ada46b55ff17dbed2b59ad8c50085248c26ac1fa50650ae8

SHA512
0182a409a6c88e21c1e3e23964c0274c34c85aac3acb096d6a33acc8b5682c19f2d5b34321036949c415fcdbec3120b5b42b871da833646fb2fd75a472d2bd85

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabCF15.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarCF47.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit