e732322f2633cd2ff3515a88fef41151b2614dc9979c916bb202470df9546340

Analysis

max time kernel
117s
max time network
127s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
11/07/2024, 11:19

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

38e5ce6a0d5912b2c0249e686bf478de_JaffaCakes118.html
Size

3KB
MD5

38e5ce6a0d5912b2c0249e686bf478de
SHA1

940b2b599b94299f69aff0650e689bce7cc7d902
SHA256

e732322f2633cd2ff3515a88fef41151b2614dc9979c916bb202470df9546340
SHA512

7b42d0313dee5280f0e91bc61f5d3682f97ba9a77ce7d56ad6bdcfe01f919f63e6370f466f6e6b5fd3151afff83f3099a54c0d1bcf9d84fe5d4a034e951fe004

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "426858651"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002aec918cb9fa9248b7812ac80df2e74c0000000002000000000010660000000100002000000056624206ef247ef2f5510dcf33a593b3871ac9caaeb29154894cb4cfc919057b000000000e80000000020000200000000a1ed6dcc0e71daf4382e159d9ec972ca13ff3236b74efbbea0a02a5282a678d20000000742e46b900b597ed736ceddce12b1ed3641c767ab2a57d730f13e738a03b7dc840000000f26d5c11a7327599c738302a5e808ce9af4efaee83e8941c702e17a247c5501b8fd1a4967582e29d820c29e74b787828e3f2cea04212728fed8817cdf700c6fe	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{78D667B1-3F77-11EF-8420-FA57F1690589} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002aec918cb9fa9248b7812ac80df2e74c000000000200000000001066000000010000200000001a7936916a1af2f8a25142e090ff9e22ce5e1b5112931cb53af67dd69a917a41000000000e800000000200002000000098af736b2ffaffb0f919d141f423e27f35a3e6d8bbf5211444a74558123048399000000033fa70a95b219d99f5186d9e358eb2887dc6bbb5afb442c0216fc206155f0860430de97f59346754de3e6b0d39ace19bc055027be2b1d62f5c5d5034bf43fa7ae0d4a5be1d6810873e35f2014b441f3672cf95513f232f994c970e9291453f2a082fce1d93a10410045162e1da5cc1a4c020bcb4f15cad24282daa254077a22c5383ef2f6a12e50e1902676d4f87991940000000051f33f3767042db346e92482f83cdd865d21c5db107a9b6e48976957d5404d0f02584f4ec802a5522a94627a5b99940a0823da442ced585f5edd70e519dd1c0	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 002c535184d3da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2064	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2064	iexplore.exe
2064	iexplore.exe
1744	IEXPLORE.EXE
1744	IEXPLORE.EXE
1744	IEXPLORE.EXE
1744	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2064 wrote to memory of 1744	2064	iexplore.exe	30
PID 2064 wrote to memory of 1744	2064	iexplore.exe	30
PID 2064 wrote to memory of 1744	2064	iexplore.exe	30
PID 2064 wrote to memory of 1744	2064	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\38e5ce6a0d5912b2c0249e686bf478de_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2064
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2064 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1744

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
77f53c021943818dc5ea22e49a4cc1b3

SHA1
90b3c7e57ec9540245e04a5ae8d292623cab6820

SHA256
f78879101c45a602e5671b9ee03206819cf0a64d1a30c8a8dd23690e5681c255

SHA512
82634c7935619467df02ac0ab76ad016921d21bb5ab822cf65e6721370b08f14c2791edd0ef3d300d9a577032ee03f31b27f11b019f3ddefcb4035e3345fed35

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
41609280871e7d76673abdc483745ee5

SHA1
543a405879677d42d0661034df5092a49cfaf9f4

SHA256
6fecbfb085ebdf1b77c6be285a3fd1b92773b6e41d3b63bd74c740885642fc23

SHA512
38d525a3ad4e88aa47cad1d66c272ace3465e2510f595d348e60f2f57fa30f09208bc71e55f30d5944cd54d77c726454236f6fb09c3b0d1b78b466886242c285

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
199a109fac0025d97ca84df00fc15af3

SHA1
c81ff57f9d819f6d98f4a94eaea9c10bef774c51

SHA256
7ebe65983eb648c504d43dc37cef27d5b125b6ff03721e9406cdc4e5485d2cf2

SHA512
b46ddbce8484586731489f437d697496f772b930f3b88f5bb7927851c3631536dd007544d1ed0c8fa654afb5f42df3fe537b50a41d6a9bbef40996c88e8a1fc6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
dd3738a43269406a2ed2dc3ea031b445

SHA1
89d4f80e1903babd7a93051cce4f65f7a74f4d13

SHA256
eabb1d7650e409ff10907f6adaafe297355a0ba10058067b54e566b5ea218c45

SHA512
d959a90b7b7409807e10b9564d0e87a73aeacc2f2dc0dc91c1927186911ed96605e5a94211e87105e606cdbb7802796e733c8e42175a96e8fa6ac1708c9126e8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
f78fea1d65ccba3065943561c1162788

SHA1
b661aa65e718817fe23c2b74e1694f5d7323ca4b

SHA256
93993090bcc1ad2d9ac67daf70850220ee84a60da09a5d9bc6272a71b34e4ec9

SHA512
1ce7d982d351c87ceed9ddb631110cdd936b8f4d60c985e444f1bc6ab4cad8d55e2fc2e015591a2a74193cf5282fd1c7c3e14720ec1f0dfe21aad3ebb68098ec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
66dae4896eaf9fab87e85b875eec3948

SHA1
c9b3feaa5c24d5a2a150e0b3ffbd8a04abef8273

SHA256
f6aadf79dd40be1daad0ba2fccce998e5c4280213d332e0fadb2dcaae41fa5c5

SHA512
822ee7002bb7a56b371e6a407cd7dbdcc24be7e0a9b26efea15d03dc9ef2103e5b0182195ce56472e16608591d247007dfde890307fe71f1240fa10b570d7dcb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
966e5e8068bd72a122e6684ed1392db6

SHA1
532544a7a21532206de930a44c55173c6187d9a2

SHA256
6c1fa4295f6dd161b6c0e06b1f52096b022b49e29d0fce0e358030f55b9ec070

SHA512
29dc92d3c93f56750417831eec4637f6e907b3ce5daab858a6d3243f183e16d8c1b822bc4f83347bd0c28142d644e952898822909788ec82ce06c8da8fd78fb8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
7832e801abc658198bbfb048d2b47ef9

SHA1
1c8ea2d70166eae1303aeafcb844f59383e9537e

SHA256
264a159193cf2c1923d809f25056b4fc0064eeabae14685cd67d2edc25eca8ef

SHA512
cc403180290ee5e0dfdde2fb3478da4b7fd70db1e89955fdad92c81a23f58f4c8cb47bb7b6275ba5d0ad6327de85dc379bafe0e154a7d07fbd7faa08aeca4659

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
ae7d17de40be25b2a31610551a83615d

SHA1
59e4bf6d9544fc62eddee48ea5c796736db37def

SHA256
e06f85c6cb5fa734262fb3707d36fbe924db0a6b2c926b114a9c759d680beed2

SHA512
2886b02a3e151bde2ab664dd65d069936b118a533a0907d7cf12f8c0dff4d7fb571615dfc463d2f59e04d490b3f717ed6b672350fcff32b024bdd9d3a5e1a19e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
bca6648968c1b4a00a9310d611bf6fd6

SHA1
a133339e69181b16801116139d020424b5970807

SHA256
f322f7b0209ebe1a029381164aa23856974f0edede29991bd1a3aa2267ec618a

SHA512
1525e4252b9732237452922cf9450503dbd28a31a1f1e5ec4403db8f50c2da2d83e31740fc8a3c7faeabc0df9509f6b1fc46a043d5bedbc2182240768e46ab25

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
9aa596376f427ee7d214480df052d551

SHA1
514470b5e21b001f2a4abef6433726fc1aab5f76

SHA256
57530ad81b803bb7ed9e580f12405be99f1717f0687f26f2695b4f968f1173e4

SHA512
02e00aae5bdee04488cfcd63a18be739d5e6c72579f1a01e45e4ee9351024410aa724ccabd0eb57d0d4c69b053d8c70fc88b1137889d318f8641b4a758db7b18

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
ee7ff533c0658dd36d0939fea30598ec

SHA1
22845abc4e7e959f18d73b649b3ce1810371362c

SHA256
c9b6998b5fabf262871656c18fe6f5bd34f29da372e98cc1e8be84f8dfa78e05

SHA512
854a7291e48164779d2d05cce1848555e448d7699b730f5e0517cf2d1919ae65d0cb85a00c72a971141fef69d821472c907509f6ba058a320e471cd29b83b691

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
7dcc26691bd3540879a1ad0e33311d0e

SHA1
19274e39f0a9ab66e63c760e2cbb74974575df82

SHA256
e132cbf752d39f697cd2588ff0216b4f358483bb720ca04f432f0e3993af86c5

SHA512
10d24d1ea7c7719897d1abf90dcb79f41fb6f91e789c22df384e4b27e34c458d2d7e6ffc4a99cca8e5fce4e5a107bca184476f096f1038190776d6b31760c08e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
d50b01f18e930ed3fa899a20b086c0a1

SHA1
6cd17c22bb1be1b1cdc6df942ee85136a9a94422

SHA256
afcc4431006cc742afa60dbccb7ef578c78ffe1c4a3aa9290eaa24bba922d570

SHA512
2aaac4539780eca5f2820b264e83dc1d64dded06b148d412acde69ea7de7af0bbc93299533b86f2f813701689364f30465380794daecaac42405536c02105300

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
88fad45e9c052861ef8f495abf33e8f7

SHA1
fc029a12dcd912c700370114878c22f573ec8c78

SHA256
2ee8f38af6dfacb978384aaeec9620f7b9e411321e2b609105f12ac3777f8908

SHA512
92a6d04c44dbd60e3e3fd47b4ff23bd8b0251364481fba479968eae8593c551e39b3b44d0afc80a44a7d5c7bbe9eac691ec5046cbe859a08b2686770a51cf26c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
888ec97fa1fc0320af999f632d3201fa

SHA1
0011b52b257ac18d1e9c19fcca1e526445825e51

SHA256
983166b94f8abf731573f46c1337b6534cff1a722ede38d5ed341eee6fd8bdc2

SHA512
7247c3ee8eefa4b2027c920f4623fc664a033608f36c91fd4766c04387087683b0ac399dea3f832f123df0c35b530c8122fc831bc152d9a8b8cd9dbdcb4513c7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
3370ae794fbbc497d2b67fdbaa260ca8

SHA1
915099aae7f77fe257acfd9b3d9c7dffd0fdf925

SHA256
332caa44b774210ed147fdf5298d841a8a54fed873a25f33a44b3f28de627fa3

SHA512
8fcc414e408e48b0b019c61bf41a1f4f360ac34a4d812fdd1418ddbe7f9f949db30fb6df5108636c6de803792b2cc3d64e49fddff25003356deab23f9132dec7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
c25ca61a257ae6914fd0762b75564e21

SHA1
843f59fbbf395acd187585c325ec2e7610b3c3a5

SHA256
76050c6ae149c8e368d362aca440b58d97151c87325587f3474310e65f573407

SHA512
6f859be2a685b6ffcd1e1504e5baa8c0e3ec4e577e8c96804fcfd02e1911931054b9fb50a9573c999d4264120400b9cdf1b9a174b53cc8a9bf59ddd3ac15986f

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabCAD1.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarCB70.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit