623f374db2525822f6695b41b2898efef2b06c9a30e2c469be684d2152834a7c

Analysis

max time kernel
149s
max time network
153s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
12/07/2024, 06:46

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

3c5b19d2ffb731d93f1b0262f99c4336_JaffaCakes118.html
Size

125KB
MD5

3c5b19d2ffb731d93f1b0262f99c4336
SHA1

7d20a5ed54cf79534730efbd7ac8952c9f520c45
SHA256

623f374db2525822f6695b41b2898efef2b06c9a30e2c469be684d2152834a7c
SHA512

f8ffa6c8f153846f05188c03ca74fc56183b97dabb0c303781da2905efc82856245d43e24c6043d8306cccfdae98546975cd1da19863f35e3f2420ec375f42de
SSDEEP

768:nx5l8HIUGvYb9EvyjHRpb7nhnNLa2RKUlcMka6ZW6DBbxA5R16jQyWxOO+:nbUEG9EYDXnvLVRKzMmW6oR16jQJwO+

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "426928639"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bb7c5835718279428690b074aa627b7000000000020000000000106600000001000020000000b8413f9553a27a2afa02b448ed1622fd993100720371e1c55c9572df0b5b9789000000000e8000000002000020000000a2369b3f66c6fff1b80e3bf17be5e44b849a630dab3f252088dbe9b7eef6637e200000006f364c3fb5d9779fbc793f2add589c9ae79ba71204fbe0ede857c2ee9045fa5940000000b635664ff48948e671d431557d466196893967a7168a257aac9d85adb981710d7d36c8ea7af8cda4c7b3d0e50819bbffc76ecc275d341038e6744aedb105dd95	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bb7c5835718279428690b074aa627b7000000000020000000000106600000001000020000000d710f9d092cf22dd3d7e38f476a911b82983b5953941f49fd03f02cc0c0edcdd000000000e8000000002000020000000a0bc9e4cb1ecdf1dc532bf529bce68485970fb2e1bf6b2500946cd5f2906ba2090000000292e53757a64162e1c63f26f3032d9a57f61b5f7e05234c35747a8fb260601a4d9ecd1df11250b84079206f48caa2e8faff0dcf0966b3322c3d471915f885203ee5b23b0881accf4f0a6c3ed894de05b1f6045c812369a6e0fe4935001b4103bf7364a872b53a14b856ba936ec4fd17454a5d56d9c6e51ebaa3ae612d70047ad54fe56aa3db5505f9c02e0ef11aa6c8a40000000f412e28756f9691f1138f8d0ee58395ee291eaad69e4d4cc720ab799bac574fa8d53b1cc5b3fe123769ee0c35bc5980e1925f423220e3627b908cf7eae7e65f7	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6B99E5B1-401A-11EF-AB71-E6140BA5C80C} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0802c5a27d4da01	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2072	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2072	iexplore.exe
2072	iexplore.exe
2620	IEXPLORE.EXE
2620	IEXPLORE.EXE
2620	IEXPLORE.EXE
2620	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2072 wrote to memory of 2620	2072	iexplore.exe	31
PID 2072 wrote to memory of 2620	2072	iexplore.exe	31
PID 2072 wrote to memory of 2620	2072	iexplore.exe	31
PID 2072 wrote to memory of 2620	2072	iexplore.exe	31

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\3c5b19d2ffb731d93f1b0262f99c4336_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2072
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2072 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2620

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d221b708908d3bc86051a0499bc65828

SHA1
b4c3cfc1443816f21d3722f6c4fab16d17df5ff9

SHA256
438a122c004f4fd041ba09ae7d8d6d6388d292ec0d7386e93d0340d5c4723250

SHA512
5de60b8332a3330589841d8ab384db88a2e134ad852b34d7aa561ee9d65911f07f0f2b9af9f7d6e0155401a826a8cb42a1f493ea3960e6d0f097e0c94ea42757

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
099a03343bb2acfc414f523e33714387

SHA1
7374230c75a97eb75cf82ae593a1f42009ffe71b

SHA256
1a8820787f2444d0a13eac61daace63c365dfd2607f16e2a2dbc17480fcdac4d

SHA512
812a187e2e9e752c0a325eb4444eec1a6533d935cda351fcf8080ca6b1ab59f2cbaccb7540a9256e4abd737b1cfba1832726acd108e045bf2d8fc43a41f80a51

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ad8d082772081193602bd8f80d58e036

SHA1
89b5ad677646f6c7806b79be5468d3fe26ecbbce

SHA256
0b5ee5247e5febd018fd5d093e4cb4bc60eeab82bbb47cc312b9e4c095561b75

SHA512
a70fbe2abf4281659012bc751c493073381797e3b52a5d8f3307838d3ed0b9ba5b5873e077d6acf83d0976758b657c6ea4c754fc59dcc1f6d4bf4e99fa268640

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ee01ab79bf7b0a9066caf92735fd418e

SHA1
7888581dc79f4e2402b7d6c98338c5cd35f29e07

SHA256
8096671161af3bb3758624b6cc15b38f90c93be00385f8d213e869eabb64a7a3

SHA512
c6016f550556de03018ded6ddb0986a7185837f8c4866b2ed16eadc7f0799ba470600d27416e24e8a6c77ec4cc77bbe0fc2a7ffd31f38db0fe23076310370e0c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e54d2990ff5a7626ed689f8027e96154

SHA1
fb3412014f4141b462c9e5445a00bca7f12d616b

SHA256
ef1f49e80cf63d6c97e995325dc19fac2b0cc5bf2da01e8a38ec4b204861c2a0

SHA512
874920d4f54999e150bf8d05a6599fa072107df9815b9f7d0f1b397629c1ac878c746335778aea870c88c794ad9ceee57fdddae0c03ca6bf2f830b747fd16579

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0b3180b6431ac09ae74e16edb330b141

SHA1
d5dca5222f04c5f2ba6ba2c61543a6cdfaa6afa7

SHA256
f8673168016d9f66e775313498fdf7c7cb46f5374e09adc1d760725cf9e634cc

SHA512
9081eca231dcafdd27e1b79b385fc93449378042c1c1b7ea3aa9a171eea005e0bcb45cb8973259e143e24f1f188a6e43218e7c13826b714410f37628fcedb9bc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
692cf15f4ea9d70720a400aaea19ae72

SHA1
a84e15420d359e8b528245c64726cd9b0f6e30d8

SHA256
e1a6ffbc17acf1785adc8bc7d804e42c83a8d2ee3866e1b0eee9be541cfb1608

SHA512
8e60b6731974e843a088747d34099f16caf5af8f03b508920e966bc97111edd31388128c7a4cd5047340ebce1bc12b917536e2423876df791b0903303d99b0cb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5df842e8fb2bbcf1fd28d1984d2794bb

SHA1
f8b0b3f52bf3c640a98d7c98aeab9b1ec8a8ae3b

SHA256
91497fe2e8f07a5ff57e4f771c67a7dc2865c91765fd4dcf5b650dc3579b6a4b

SHA512
a9592ae3d846579c87a79b3a79bbaf68341ebbb332e2a9f58098da2f2db44d61b43f1ab61a02734673312d70b901ec63685787b4eeab1d90e0740d0ab1c15c2e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
20a15cfbb1b60b15242944e8d487fe50

SHA1
dbd51ed694e0eb0e4d2fce961da05a196b68984d

SHA256
a91ebed0f2ce30a59f71adf0ece675f853372c29de5c3ebfdd35aea915cb4055

SHA512
4b01ffc4f6ab56b1f8a58a35bf795f81986e82e6e42c607b84b70a0dd4973dd2ba9ca1456dce9799afe45b6228dd9fbbd67e3a979126513aeac032447fceafb0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a687a7de3b7a8319867193ed3c901b49

SHA1
46921daff04d57c096bff7cbe363b2cef09a89cb

SHA256
72a321dd9acd2db044b8a78a6e3e173138c216b5833a66b6a845f2b0535471c6

SHA512
7651da4d929e4b46ce3b33e7a4f801a07c3ad799f861e3387ee5fa58d9a6535b72a5262118e1e2856b7ae6ee72ff827a7b1d81339a0394b5b628b740b0f9a86d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
51fed9f84a6674e745e0d7483add3188

SHA1
27c2408d4eaedd01c5e210f87e7b38ac962048ae

SHA256
726714898cbbe5ef93534bc12cc4161412cd5bc6920ad32c144d47713380b359

SHA512
27f28ee72df88d162efd993fff8e84bc98c15b96802a090979e39b05d5616f8e3e6a7cb9eda7c9100db64e7b29b83c2c6798131049a88329d56926ba65dd96d4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
47baaa35c29002f92011789d7bf27099

SHA1
7d1f590b1ecb12bfb76c1d86cbf65f1ce756da01

SHA256
f1144af9f13a27bf4da208539dec6d54d9cb4d1283ce242d0877875a73825985

SHA512
1b3cbef6eff14b3803e7bc91ccafd5fec58829b7924ebbdcb65c71afc5a497243d4e48b58e86835e2299510e55896b075b436619f01565b05759321f63a864e6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
21c878a0b6d723b3bc34d19f7e5473d3

SHA1
5a98e9ccffc67fae60dfff6affe4e55e9c8bed3a

SHA256
ecd1b977d57512e3db583ffa18a915ab54b5e7c5210891f6532393d185f6e1ec

SHA512
08d4b87cb014cd199184b2317718e74d4844139336a965d260a768424fb1fab10289d0ed08c8d70ebf12d22b61c6e20455fb43ff2bf56620beaa19b26d8fcf94

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6b3facd56903bcc0d152b24790da820d

SHA1
fb8daea10bc2fa8a90e23595193b527e83d90083

SHA256
dc637eafacc3cdcaeb15db071db809d5a25c06311c5b9e2199eab5831f86e4e5

SHA512
4ed1d4d900f48524b4b2cef3f81a42d5af305e2449f2824a1f13308949cff7a7562a9d3a65dd2439de88ce2ecc21580a71edb0be3c65df288d741511faea2234

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b35e69ee451f1f8cef47146dbad4a6b0

SHA1
8aa74cc75419ab47fb45d21bce9204d5ee055c00

SHA256
5a270d1411d0b0d1175a6bb2e90de534208417501a1169b2b763915e85f2acaf

SHA512
1b86c8952501414969b8bab2f192913241f114af783c0738da148dc202af2cdbfec4fcc65ca6156f4603882a44cc0ff55d239adcaa98d530ebb2191ae54d64f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabB721.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarB733.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit