1069146e75f4c9b2b80f24b5b42add18c882003c94e681fde48bab8bd7223074

Analysis

max time kernel
120s
max time network
131s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
12/07/2024, 23:53

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

3f5fdcf3156a24e6d9ab8f0adcd028ef_JaffaCakes118.html
Size

31KB
MD5

3f5fdcf3156a24e6d9ab8f0adcd028ef
SHA1

a73079484ad44cfade7413f131d63b17c9aa96cf
SHA256

1069146e75f4c9b2b80f24b5b42add18c882003c94e681fde48bab8bd7223074
SHA512

f6a8751dbda0844eb16e12886457e9ab7ef8838a71bc0e05d12da0bbe3ac66f5260d69a10dd9178124b3bf289cde8796ca6448dc6728765244c0b1797fdc306e
SSDEEP

192:A1SyiHQjc2OeAS7N1GibwmzAsmRoB2Ga7mnQT/l4nRTnQxboyqDMwwAyqDLwwbXu:HyiHQMAmr1M/jXl6yT3b0SQN2yiHG

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003125cc29be9a0e41b44a3d73dc8faf710000000002000000000010660000000100002000000056d4e751dd2e99d220fed9786eb6e81882a6e00eb655f2aaeb6cfcd70eec6471000000000e8000000002000020000000c594c3d40107cb22e11216d453e0b5d2879147c1db3877b7e9211de9249698bc200000000cb61a2aa86bd126dad7293367c7997733d9fa4988f65f006f0b2ba76b4fdbec4000000071ffab5f7d7041fb2f33a7dcb67cc60e7869f39516ec189e17aa8df9f6f0392ba63e5265465b27349f77a928fa35e41c42c2c6a41f9223bab340a51d10c1141a	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003125cc29be9a0e41b44a3d73dc8faf7100000000020000000000106600000001000020000000e65163671fa5ee1c5b29ecf9cf839229b61d63f6d660ad31e7caccaf458aa839000000000e8000000002000020000000d1a7f5d17be09a7a0679786b268432cc10766d98808b9e68d4335b700d460fb49000000040a2b61af5cd2ca6e5a8af081af2e0ab5870b423eb70bfaf4faf8b60d3ac816a214ad89cd2d6e1e36e878c2f271bfda841102476a19e1092973f082a46c809de8156a008ba9b83b7655be0db98ae800a9d6909b5e11f2d28f6fe10957894c5cfd0304667969fd197b674ea9a3c0c8388a6b4183caf3cb8faf7671a7cbd701e1004eff9223e1b52233bc8d1b0605511fe4000000011059c6dd0c3e48d2e848590fba3b48ce39e6580139179c47a326686cd218d08510f6ff2202caeb7999abfdd8a47a9cc3f35249281936d5542a75b0c13035bae	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f08caac0b6d4da01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "426990270"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{EBEC47A1-40A9-11EF-A069-5E92D6109A20} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2416	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2416	iexplore.exe
2416	iexplore.exe
2828	IEXPLORE.EXE
2828	IEXPLORE.EXE
2828	IEXPLORE.EXE
2828	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2416 wrote to memory of 2828	2416	iexplore.exe	30
PID 2416 wrote to memory of 2828	2416	iexplore.exe	30
PID 2416 wrote to memory of 2828	2416	iexplore.exe	30
PID 2416 wrote to memory of 2828	2416	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\3f5fdcf3156a24e6d9ab8f0adcd028ef_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2416
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2416 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2828

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d45230a83c05739a27e225df38f34712

SHA1
04ef747b1633c6635b1cb6cbefd18e3b40843206

SHA256
831e922453c725eaa02660cda41870ed87f412079ed69fc120db6d0300ae40c1

SHA512
4e4162c0015ae951c4593ffc66690e1781ba12261aaf0d0f13d7d280feb57c39af28d72f2392008106977336f62151fbcf4019b6053c321c3fbb584f0b31592a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8ee10158a0d8f9b7b382b2c216236695

SHA1
98368d50ef8fa7ccfebc4573be7dc03d0f167a30

SHA256
787295c5a341f32bf79e9151b7afc4e690c23aefa2958b3598bb6339a63d8086

SHA512
7e670ae0605b5ad2402914e42245e2b572547e46cc547b5b3b97702798e561dbdf22900eecb5c59eb68aa459825d128d48fed5be76de7922daf0d13c23376e7f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
56a9422691f73f90895d4f26ce5370b4

SHA1
1f95c9ec880ce196a4b85735d698ba4a55910db2

SHA256
ad6b961b5320c382d95b87e5ab8bbd5214fc4d65707ca9e4510ece7b12a3e4e2

SHA512
823e0cda839acc1b75cf6ec3f88f59a2ec5a45de142d07e22c05a95994f3debbfa6fe591c8e26039e2a82b0317571ed1a1ed86f514915bd00151ca0cec75ea6e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
61db8fdc5bccf22230811ed063cf430a

SHA1
c91d5be94cff82481c63a1c90a389b58ee1232c9

SHA256
c564c127431779d3795affca7d54427fd3d962908e34dcf903e0fed572dc8966

SHA512
8e91fe37bd676461dc874d48b5b68e503ad2e67aa8efce8b621d997b1300e65ffc432dd8f6f925a8e818f75e7cd2414f9624bb225050bf3e352201a979391606

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
24dc06706e4a93dc18a6d0cf347044e7

SHA1
5725804c218cd45c60298bd68708456693e8c130

SHA256
333893add779d61db653d61c6b6ce8cdd014765506fc0a28b320640e7dc2915f

SHA512
afdde155f0bdf6910d6abf7b4af7263794a787a8259f7601fc397c060f9d3f080999fd47b5a1fcfa738575474e6a8ab8737ba2ce417049543479199ecae81f29

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7d7c5bf347e071b7275255c4e95328e8

SHA1
fec539db133699b7ab3e72a37b069fa1224affa9

SHA256
492f2a829842dd246ec9e372de884e975923741f0c27048832e0cd1acd267afc

SHA512
d254a20feebd55d0a9184bd5592c04135f7df13bd80bf5ca6a904470425d953e7428877e6ce165cca977eb7cac2ccf87b79d743ba122600d3526d4413f8efcf2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d3fc944316089e6995f2080db02af98e

SHA1
0def5ec14c1b092af4a5b1e28c81c88f80c10b6d

SHA256
441e060e05aab4aa17c608b035dd2d1bad712cce760acde3d1b473089aa91468

SHA512
659af8bcd2af7671257a98983a077a2f50c5d49761e3d342c19fd6043f8eebd9968f90df76c87d95e35de3c9e2020b88c13846a6f52afb4953f080bfee67bb50

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5b9b983202d379e248e20bc078a248da

SHA1
10450924a27da5f3156fcf12269e866d8b3b0bfb

SHA256
28ce0de8f881f87a7f611e62d833ba5198ada9621e6ba67cdfcb2cab17d91f2a

SHA512
4d3137badf1914c6f487438fea8fbf55354ccbcde238b69bc7002fb9593bc3060eb331bf56ce80e7b4f2cc1e57ab885cffcc2feaaa95541e539fe4a3f08ce24f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e4bd6df082edb90fa6c96b6c6b3a5d42

SHA1
9c0fb4c592ebff281cb913c3fc63b152481d0a40

SHA256
9fd4469f5333bcaca7ccc9784b08238b49dcef88c8a8801ef7f08fdf20740f0f

SHA512
d464278a531a532dafb6d67b0e8cae622924c856f04605a1c77dfd260630327008267e4165b554f2ce1048d2469f4902733016202a5d27973abc3fbc88aa78a0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
efae8b4e25edcbb48b8a465c099f1936

SHA1
155c219f585f4bc24be967e56409a288385dff01

SHA256
f5cba66e1ad338abaeadab1fa93d5e05bbdb2d4d267d85445221f71a8137577d

SHA512
5a55fd262f07d4a3a11654c47b356decbf78ef0038bb903a556c82131c2e7b4bdaf1bd5f2b3f64a788fb3f4cb1039cfa6b506171e13756154a74c2edd2cd6781

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
da69e92e30287f9fec0dea6672420a16

SHA1
a292d6cd2dd66f74ec8e0a5412e1e39816afc727

SHA256
1c54852b997288d725b85cb56305475a18f33df0e0d26829eb213e3bf7818f8d

SHA512
e80c08f7b565eaf3abdd4c285dba5d50e9ef3df0a1c48906d9ea1634758a2e6b25df98b115068ade29cd4142747e99a9f8004cd55737a4e2eb9cdc65271d84c2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
767e7b04999772c70c4c56fb800aaa4d

SHA1
9c5e8b85b356a91dec82eaf91b59f66db738244c

SHA256
15ef1cb387e616374ae993f6cf224ea61785d5cd95fec7ac255312be2ee061f0

SHA512
20513bed091233e5bb305ccc1a3b285b013c7739878149aae63ff86392d9f9c4bf3ad170dbf3e3fe03fef1675452796ccb3d7d16c309b94d31fdc5ff961c59e9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
89a91fd5f404f88a65fd25d3ae7fcf23

SHA1
f1cd0b1b66dd3b0213cedcde8ffc981f59593797

SHA256
2dc3ab7c2c23b7d87cd0205aa7d960f274ccb0f91553f645a0c336b10e759d53

SHA512
8978a11cc7d6388bd40b1a508712b2079f541af4b510c361a09303d22d0bdf1f19d00bf67e05f05fef0e8564989ecac4d379a0b0ef468719bdeba7837d4b0baf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0c882bf749831b3a40fb5ea99a5cfb01

SHA1
35eff4f0b269458223cad9e296b04fb45ee12d4b

SHA256
d7ffefd0731e58388b4ba03311d339c85053a94b9a8216c25f2e037bdf69ee02

SHA512
3e98026d1094ad57e39491e3e463158a8419912c44a76dbbf6d807331ab49a2b6ae336c2f0214512cc05c439958bb715ff7e145d7c217548a7875cf5168d1bfb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5058572f0951d09efe70331c149073a6

SHA1
9e2684a88671db285ede03e170a067cd5a311d89

SHA256
db8b73ff8a365e41465da1553fb0119ecfa467f54aa9d53181ef38b8707fd197

SHA512
578d7557bb5e41438e9726d17b8f54dc3fda2eae83d0b2d05d6b5ba441c7ea1fa925373ad4b7d16d46bd586076ba030ecff80213b486d406a691720de2bc6878

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cfe2c37ae7ff6ffd42635da2878b4153

SHA1
7d631d81dfa1d3698e3b2f1f080a9996ea2a480e

SHA256
76f8393c8f3d51fdd5b3def6afc8ed33d55f1d6d7159ff358da1f14c9dc6a954

SHA512
82b8276984df25ba6905a5fb5178635e04ce85d6fb59cecdbecece3f81b8be23b442362e29566e485e2462a43cb15d41f0bd14aab685157ee41f9f9e07a4269a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f93bebef0f178b99a20b393eac37588d

SHA1
7a6b1b2abf929ab6f28e06b1e253cc759fbbfa6a

SHA256
d6e5703f040d9e587d703f74ac65b60f88a2e21b851088c4c49230550044f317

SHA512
c63bd99c4a78896e743499344a648dd55cd77abf80d264f48492a9363fe729878ab11dfbd98e4825255f35a23e7e9928ea35bf6f9e4a4b9934876a9a11a15f74

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab5439.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar54EA.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit