3fc5b3a80336f287f90614b9afa7c1892670b324da1a5be135ce3d3dee434464

Analysis

max time kernel
121s
max time network
127s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
11/07/2024, 10:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

38c9f1f055e7b6107f862db4e762b6f5_JaffaCakes118.html
Size

3KB
MD5

38c9f1f055e7b6107f862db4e762b6f5
SHA1

0149f3ba7ae058a5a44f70d36451938f0b0b2157
SHA256

3fc5b3a80336f287f90614b9afa7c1892670b324da1a5be135ce3d3dee434464
SHA512

04f18fc2d3a24eaa9a3a65509a8f7e915a9bf907263840b4e04b281b01720df6b970a347c867dc8a2f4843d265fc97a5de4be5cd5ed9152762f23a7f100134c2

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000082ebb0b9d6f3f0458e93e15bd38f268f000000000200000000001066000000010000200000005a5acd74a043fd1c5748677f8b85857cdaf4468e8ea006c1539fa5989c5a4c29000000000e800000000200002000000061728bc6fb0c42b25c5f9af650b8621cc2869792733cdd31255534eaacfe8ce020000000bd831ebe399406259431bbfe65a847d61e9aeaa63169b672136e8bc13c12c0e0400000000024673710855fb3285b72173fb2e2ac1531c43848c3816333853fce2f8e162e4f438b17e7b83a2604924b45c8655befc3ff29f50d5aad4819bb25c3665d8c9e	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 20dbe2517fd3da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7D4D43E1-3F72-11EF-BA5F-F62146527E3B} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "426856511"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000082ebb0b9d6f3f0458e93e15bd38f268f00000000020000000000106600000001000020000000b86bcedec6f1c547dd8c3703a8c9e6ae2073c622e3de1f5d282043147b8ef915000000000e800000000200002000000012b373107829ba80fca05d676fff22c06c8cdc684b9ebaafc8574573f217392890000000b3e61e1669dc963dd02a018baf536e4232cad34640b571b0c980d942927a6375be0bc437d88aa04f357fd748c61f3a46b1017ef97c0673c78ccd9a9f585f46187c1b3c8e61aa9d50dd49822a783525c021a9b991a44933842d78601cdc3af7277e90c81ff8958b90a2fe67cce718b01be7c5a91ddce98a6038c8776980006ff38ab958e5f0b91aae13b29adb92868ab84000000002a682b732a59a4e25941cbeaee47cfc797292d28992eb6de0dbeffd35ccf4064e0a633b5ff77b009dc61a6a9b4a05f4d85cab50d371d0893416797f9f4bc84a	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1688	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1688	iexplore.exe
1688	iexplore.exe
3068	IEXPLORE.EXE
3068	IEXPLORE.EXE
3068	IEXPLORE.EXE
3068	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1688 wrote to memory of 3068	1688	iexplore.exe	30
PID 1688 wrote to memory of 3068	1688	iexplore.exe	30
PID 1688 wrote to memory of 3068	1688	iexplore.exe	30
PID 1688 wrote to memory of 3068	1688	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\38c9f1f055e7b6107f862db4e762b6f5_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1688
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1688 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3068

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
87201a60fef9635c93ddb16b2e861298

SHA1
f79318883db8bea406f274855d4fd72210fb9a87

SHA256
eda0ec28b352e0e58569c73b4ccf1bc0b61679459c6863876409d315bce06d72

SHA512
b3850bee85d3ca868bb8559cf0acb5a6269cd128930cc06c7dd049cd265494658cad43e641d5ee7108d472bf8975c13cf26f3a337fb60197e97a0736aca66a04

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d211d6f5ae7e783cbea1a017f5645953

SHA1
049f4577beba4cc120e90be2f949375764a1bcf7

SHA256
30101ba145e9db3ea35a4dcd19d129ab7c1b3212bee9a0287777def258b42ab7

SHA512
a084729db2c4bb169c2bccb6fcdefc9f39af78ad5406af8efdc6b9e9b894cc85f8bf119e7fa0dd295cfbc663e67a73e0dc68f785a27242864b742646eeea5858

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f964621c299625ea85050497031b34a4

SHA1
2412da4d13395c4c859dce151adfd094f2a33b50

SHA256
b4b011322b76a29471983e691bb6acadd495f5d4228a33ebf94ca53b787c1778

SHA512
78de5b798d0e997fbeb16de8b3694f077ef6985a459cbb3065abdb60e2e46853cabf4f3220fe22b8fca1d92c5fe34c63990df64bcb39c1fb8421985fef6b7276

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9a800405be64f45a79f4c829935da4c9

SHA1
3cc192afb67779440180b64a697d66c18230b7f7

SHA256
c15bed44070988444988257ef0b3a1214b3c4f7f59dd6b21bd6fd29599cb80af

SHA512
b3b70404d7109b7017f1896fc4396081dd244de3a64f6001b6e515f2a41065716de96c04e514efec3728d700e92da498c75f2d361b5da95c448849b75c32a889

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5b3ca9175bb964aa75d2695572fddfa4

SHA1
295e8fd5395033f81ce77b171ff9516c55db2be9

SHA256
67f9481ed550b33f7df9401efb26676d870307a4a420a6d1d0ead06b08e1d55d

SHA512
23c831f4297f2bf11be289cc4d80b8b659d34e36b5d8e6139d0aeac2eaad351b08dbf0b53e116e35a7e6d9dc66dd188039b38442ca63076049f000e7575928d6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3ecbcfc27cde48ec55f8ccb359450df8

SHA1
1099430dd1c08eedec137c1ed939fa84c4fc50bb

SHA256
ef114f7713a12c321d2d5859f4df23a30c4a13acf37b8c72d982fbab3ce27c04

SHA512
016625fd22b50f2a7e44d909d428079150883bc85bdd84f3ab2d95e33715baacb61ed6bbf4969e715766dbbd1f0b80b830e6237e85c122c72a8d6f88ee496289

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c980e404ec816fe431d70f76f16c0e7f

SHA1
c3174cb8c7076fae8164d23f9ade4a83239446de

SHA256
585e8e4478cc6346928558d279f069e36e0abffded3251665bffc17984023a71

SHA512
a46ac6ce12fc1d8850de5552258beaf1f49dfb042a3a774a902bbca58ddc7f7efd94fff31293d9c00a7500284697ef9b508b8576828eedee7376cce538e86bca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
673a09affa95b069b4b7fa296448598b

SHA1
1657a4b0d65dd89277205ad8e3d1ff4e6effa9ad

SHA256
661aeaba52998d04a58b55bc9afa9aecdcc55aecb5c640fa6f4eb3a76b073620

SHA512
8e556851e46b9687a9d907cca548c8dcb0b4fa61ca8286d6f35acb50d8388fcca467eaaf9de40e72ff7cd36abf33e64626a7f6a76db37a42bb7ef4491946449b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1f80316232fa3433aabab17906ad9ca4

SHA1
4b16f4ad5949fe1610b5dcec8e26a5ad8fd7be49

SHA256
a7f0423d7c0c810f3305b2aa32aab87f96e32cd8ab57e68ca3cfc4fcb1b85997

SHA512
4c59df2d37d00bdc4614c58bca748c3d0c6a8657b657d7552e0c76b230df9fff33f98c174826467e5f4d73029771c91125f9ef0cc4161eb800d799f5b03b4e0d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c6c554e0658b29ad318ed5e63b6cfffa

SHA1
d1a9133ac9462a418a1abad59f6d8c9afe00733b

SHA256
5cdcc7bd1073ae738ec24bbb6ec306d450935bf96f3bf7545b0bc1ac7b35945c

SHA512
098d875ee1e1c5e21a54415c2d7f68e30fe4d1e85a13a1953c4cc67938d14542eea476d1be89ae0f82ebfdc2b281a0d7cda518667ca38132440bf664f3d7815f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cb64c57aa88a8365a0946cfc4346c947

SHA1
b591cc1154d21152a9d60f19deb740906722f599

SHA256
eab0d61f3a15ecc0fc456f22d101c1ecf55d2a1270545336d65baff5178661d2

SHA512
7b16e0f6984b6ad055f5e7d556aee39b24a21b1577fb5bcafea7b2e988d2dbad9540edcb55d4861d4646dee609dacd362f2f0b8c6a5f14412494c907eaf7ed7d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cba8be95d110b7f1d2093b2220ef0bd6

SHA1
3da0659c40db908128822755a439d0881aff23a4

SHA256
f6472226b9cccbefa66558c5d7f2def60745665b1dbe7556cd4334b10f548f7c

SHA512
33f58c3fc83d24ad00a46c682e9e31fbe830fd77673ec82d3678062f30040f4e3cd05093b5dd9e2054111fa15b466b8bf6ebd4dcc1b930ef09221a3c92e1c79c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c6984d4082d4add48d5d4dd988db5731

SHA1
e81b2d8365490f7ac032a34dfa9bb90cf501509d

SHA256
d8abd44b37ecb9cb466f3965cc18c835ba58478c3d7c04b1bbfe56c058888c57

SHA512
cb7705e77040315f7d8a2cd31994f12a24ad0ed54c8ce643715a712950ba4d79161605d47c9c237f196eb7f588cc8edf1deeb6df6e2218bd0c492d6ea5287a79

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ea22c40656f64379fe4403005d3d8eb2

SHA1
25c603c54b34542f9b0f3041d30f5bb666195eb9

SHA256
18bb87c5f93397042593a3931533a1ea5a1a01343ac47583991f6e130486f19b

SHA512
4ce9ffd4f5f5a078b186ba825848010d7ffcb817c6f5adb955bc86133af8c375e3e5e83a78a6ce1b3df7c00e65e7cf4765625ab4d37fd94390706600723e1c96

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a8017d38aaac8d34f8e75df4b9629270

SHA1
7867b87440f53e51d7a7258cf37019ae24f52d7b

SHA256
b5f81245bb67d99331f336e5eea872d76b482566ac9fbdaf464c29fd01414f23

SHA512
21caa05eb49bab73abfb61b266c86815a0cc6789aed84da806d9b9b01a530318e0a2aa74d2922d2d410baefd23445f686b3c6f6248c3643f9fe188e34db518a2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5d320c711ac757eeab1a65124f148037

SHA1
05398757441fd01f12623473462ec5579bc8760b

SHA256
2ceabd9b8e61a55542a1874f7404c6c6b326f4f4c952cbb01a2e59681d837d10

SHA512
1e2c2520e049f3cea7c15a2ee655634007b17259802ce0a4adbc48416749e9a30cc10e24b5fb4f37b9d9ea192f125bc006a7cccd5813986d12ecd6a1270042d7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cde1b21761c34c04ce7c6a289a03807c

SHA1
336761e1c860791381b9aad76bbdd5eca5bf4d85

SHA256
b58d57969be2ca2492de377493a04f8d0a69bd8e3aa480924adfcb9d1ab3be62

SHA512
dc17d767d086370b575f2c93380d4cbc8a3af2d2dad2f4e7714e7cd5e2e656ba4e894cbb31d1b02a6298992c7a5462386a158a6206ff199d17e6dd21bd7393ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabBE8F.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarBF40.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit