465e6e2907f15ef333f6e4bb04b1f442170308b6cd074b2ba860a884f92a1e32

Analysis

max time kernel
144s
max time network
149s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
11-07-2024 18:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3a3470d9ada7a33c2a3bfad7a8f345b1_JaffaCakes118.html
Size

77KB
MD5

3a3470d9ada7a33c2a3bfad7a8f345b1
SHA1

b773b3461e3817a95b1a9ca20b4cfeb276d83032
SHA256

465e6e2907f15ef333f6e4bb04b1f442170308b6cd074b2ba860a884f92a1e32
SHA512

f6ae8c80da17957e70b1d2fc42189e4c8bf3fff9cd46856a82185cea9b2fb8a0bddc2507bd20411caf149c33fa4290520bb335c9e46930d03ed442602f394ddd
SSDEEP

1536:ftOrm46B5gRVdLPccaw6E6z3K+IMz+5m5EwpoNJxtWdY0ywefYRkHXJ3Tc/y+aqy:UPprSwes5Dc6+ZS

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bb7c5835718279428690b074aa627b700000000002000000000010660000000100002000000082ee56d8a01a4ba9b1eaeb02c9d9d843a32e3db92c6140592b3b73c44a3b7d5e000000000e80000000020000200000007d5de21f2c27278033f2d376294e00f144720a6aa93f0b652ededd94d03cd69b200000008cbf3d9baea72546207a057d6b1542d5ce9a7fb2e84f129138bd55bc86bc649d400000000bae9eb9c799ceb594932a0fdc4ef17bf1dcb6144571d25f44f5e8362d9c8a3fed7b4cb16b014123cf4ce6ac80bc214a5e0e059354e42298c9b0e8eca4978880	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bb7c5835718279428690b074aa627b70000000000200000000001066000000010000200000004b24fa0985ca5e1bda193ca8200c3def38d509152b76f293047dc43085b3565b000000000e8000000002000020000000aa794408a9448ece2b05224c1a3394e275cc8bf62a937881885bf1e388623def90000000092f8be5c8023868a21667400a6df704bf5b9ca07492c7181a55ddb02134ac9281048a9379cc7aa9d83f29ac30450ae3b001b1e21154c3f2bf3184149511240304fd692ba76811e68e3e3fc077e19586d2fbf95013750e5cfc999920fcd4fdea1e276ccf8922f53fe191f9de50d5dc9f7502c7bed15569064e6bc3222cf8b0c2afd6dbc997fe56b3872847dfb709e56c400000003a74512d2285b67cf961f4c9f9a1a36dabb7ef5bd6de10662c304ea729be9eb363034f7be1d32cf18a9776982d0519c41a66c2e06cf4f33604d117191817dedc	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6264E4A1-3FB0-11EF-BA91-7AF2B84EB3D8} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 4066663abdd3da01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "426883097"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1928	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1928	iexplore.exe
1928	iexplore.exe
2272	IEXPLORE.EXE
2272	IEXPLORE.EXE
2272	IEXPLORE.EXE
2272	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1928 wrote to memory of 2272	1928	iexplore.exe	30
PID 1928 wrote to memory of 2272	1928	iexplore.exe	30
PID 1928 wrote to memory of 2272	1928	iexplore.exe	30
PID 1928 wrote to memory of 2272	1928	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\3a3470d9ada7a33c2a3bfad7a8f345b1_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1928
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1928 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2272

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
941fd706576eac0ae8e948cd55596907

SHA1
27af295ac2109a200c67c22c15c3dbc5686f3f1d

SHA256
064e97cc8e37d7599c22cb06b40ae59ebefd75c59b210f25c63f8a12c5900e51

SHA512
9a1eb1e28d1a14daedbf4e99267d54f3aa7bbaa88c09801f611174af279dd3cd0f0a5251a4cc319f14dfd7a3e036b3d8290898573cd581ce736f1bf182fef990

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b5914d3ab7e099d161a977833537475e

SHA1
fd51c640a1084598be7c82c94ca53ba948b51270

SHA256
1e3d4b49e592d71088cbbfd2bfe94cdfe1a5634b6b35282c63349f41ad0a9143

SHA512
2d55f77e1897e56a543444a1ee4786c0331c0df54806275346a03912125e762f6dfbbacc79d3221f74d1a439d73ed18da7a7d97f070860e1741f4a766988ec8b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2eee3cda6c4e6dcc34648923792d2b41

SHA1
ae615508930ac89c8ee9b433a06b2362f8f5f39b

SHA256
cc05f15b856998fe3d53f1ca9e252103b8ed29c1b91d8f6f764a8a469553ef69

SHA512
f7d4a3ef351c9d559976f358f36bb3a2a1526ea72a7be1237485aea178455f28009a2b3452216d3ba5697daab09275e5103bf875e7f9a3e13292c1fe92f8ed70

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
962915c0bde46ef1578aa7d1dcecdd9f

SHA1
4058a09858e96e6bc13ea8c38ad9375a8779eee4

SHA256
42953a5f674493cc073a5aab6f1181cac05cf91abedec004593a9f3cb67db6bb

SHA512
f2c53f5385079aa951f937a8aa9ee9adb66889e8399dd7b3fbde8a1509421caf6c4976ed1a109460181b493b822ff1e4c388aa8163db110a5e846369e69e92eb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
222a12eddac40d8e538d6c6c75589a0d

SHA1
c1ead7f969c5a243e99958a5d53b47ff4a8bea67

SHA256
d12c6c11cdf0a153d14d32dafe2f79892a4d036df1381cb171c204dcae1b5ade

SHA512
d596fd7393721f971004e1d0d387e7e6f150a44ae39e20fa96de03ed07abe9e38530c910d3799a1a6a6a474f423ab845f02266cdefa416f6b6866bcbf0f0cb12

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
182c9c8ef875c67a13711085e5fe69d7

SHA1
45ff20a6f4798a581d3d100b98e0050ddf172c00

SHA256
53386478832d7d2c09706e36e4594946d7a0312b027d0d6d7140702a9c40330f

SHA512
d82ad1220ebea41ad975fae879c563a8bcea91fecf888b6b2286338ee8d2d69732985aa76ff747636dd167f93e630e8dd1dcd7f1c74af0ea4784317fb73f88ad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e7e9825fa26aab26d67a21f8f1fdfb34

SHA1
7f9d1a08b451dcf92c906da03dc7991cf3b1d664

SHA256
c248a4bb3803230ebbfccae6a05c5e19680a6604680b10db5f4a67df2d23df63

SHA512
790b5ae615a4e6cc9abc25337e384f30b3e6337e0592d97afd2f7da5f4d69edce0b426d626f91f301de75c7d31ae2ac62749cdaa19e5d0814aa9771ce2fe6897

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9f569e05c37196c5e8eb2dadc44c5cef

SHA1
10663c0b620680c76d91351358381ac6c0017f40

SHA256
adff8547e9180ec16ab95f6020cfbcc32410d5c9f59d9457ac24c40097f600ef

SHA512
4ff9e3f6d047bd7cc1949cd9098c1db8310c15fcc9e2738011b4901f54d88467d7a3e29b3299350b543a1f88cdb8b3146d842687a220490e1aa1e846f0fbc298

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a5578b6dbccdc1cc1518fb2dbf44cda6

SHA1
ea6aa1ec165575e0a67a79e35d80accced543590

SHA256
2bfd624090d610d1cdc8a82365f2f51b607fcfbd6a76ae3e46d86f4602e4bc33

SHA512
f174bc3bb1c6cf51f9253afebe9422e2809391d066a658a8eaa975a5967b9ad6c4d1f7918a65344aedca86221ff8ac1d65b0dc3e11caac0ed3eb2ae121b715a3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0c01e1b2d27d687c625efa7aad965aa3

SHA1
34892ed16370fa9cfaf35b204aeec2b55aec4eb8

SHA256
99457b3cc074b232f8bf656312da3a97bf1857b80fc9dc4aafaa57e022ecf7ab

SHA512
a8a9e8b2d683b50895d581520f747b08891b729c71fca927fa50d92f65e56385798110813f225bd0a6d7631a524fd18da9a328beaa0d38b70f4c15b5dcf41b3f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
492323dee38f81906575aef17048a930

SHA1
67005f3c3b5543c92bee73f27075d2abc68f2461

SHA256
305f231c4070a5da5c555abb704ac45820d65782397f759a9ba63c87967f50b3

SHA512
809c777c3ddc0c22fce1ae7b073a93e470246b35c3bec018a902f838de3e89512ffa844fd7e6f55c14996706c3070c3ae8c05a775f0c50ebf88b10f6b995b016

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a5a695ace6c098552e85e8db6719790b

SHA1
f3f15b948015c2bc8d62d3828ad9fb5cdc608d8e

SHA256
2a4699598d566cdc54499728a7f3f531fdda03c8f7690ae9c9dd8c09e9da7cfa

SHA512
43e6dc4c9fbf34ae60c5058bc72d437fff26646032e6ad0c8434a291cc2bca2c70d394fce45aff20825d6979b4d8f0d6732831bfc6b9530e857d680799b3b958

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cd5a7e4e1ee55aaaf70051f71a42e434

SHA1
dbb8159e1573fd160d58e92a25f5859575491ca2

SHA256
ee2a67f5ae14427e6545ab2a64a210d56ce68addc15638d6c48ab531b23bb48a

SHA512
080007fb5a99b8dc87e0434f3ea97e132b066d16a5b49e5eb1c3f342b00942b9ed75e5709dc0419651c6ee9142649ebfa4795f898981e315f6d9cc1f3421f380

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d87befa5a988e8486d05ac34f648895d

SHA1
8726ccab49ee9a9ff4ce9272f0e010547886fce9

SHA256
09bb05cb6d69f0da7687a867a57e3d475a2e01ed02e163b164f28f95279ef34d

SHA512
905953ef85119b061aa2dc7ad35d48ae96e15f4eee3a007af8f9f249fd918baf8e6464fcd9e8f2fc0724fc9a0015b63cd2781e65d61475407318c435cb2677b7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e6c9dcda0a144fea5fee679b17db6318

SHA1
32c5abe99f2bbb3febfad9f717b387dedb93699f

SHA256
edd37f6f6cd83cdb2065008ebbd002e90f3a523e3baeb477acd44d5c1e5e8bf7

SHA512
af89fadcf98ebb424813660b705b303a443a53c16513a03d9b565565bce02fe03298debcc27855be81930c6aa7430cac87676d6395018f04919e3ad37fa6bc0b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a750798ccf2e226e7840b0b68ab7fe02

SHA1
4090c5179b1cde2df57dab9459420899418d1bb4

SHA256
f688f4fdb7f0dc7129ff9b15c76fa3c1569d32dfc1e852a568dbe785446254fb

SHA512
2cfab8dd59d9560127f7ddafefa8b056d9ea34c996ca16470eb527f512c532524402d8551fbfcf9f9ac49036c86930946dc64fd6b31a566416bcfa9d856c27d0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e7c9f10f7afcb725a3f78b994dbd0915

SHA1
8ca12891535219d1300699bf708cc2a2c34af1d3

SHA256
e9298f00c3d9384ef5727b8adcff762e500ddd3ac2300b30ffb2793968b03204

SHA512
c995d813e8027e14fa243d6462ce5f626c55b259f3378e6e7701a04c8a24405b257857113abdafc3fdea4610d299dd3fbd7c2d403c0f3af5eae294082cf55591

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab4397.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar4399.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit