879db7a6e164cb3e426119df27fd940ca9cff533e4c18a6092c64316a0e09e6e

Analysis

max time kernel
119s
max time network
127s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
12/07/2024, 15:44

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

3df99390c06e9bf666e3239b25a2f1dd_JaffaCakes118.html
Size

21KB
MD5

3df99390c06e9bf666e3239b25a2f1dd
SHA1

cfc6fbdaeef0f241fd46b84e744e3eef03885438
SHA256

879db7a6e164cb3e426119df27fd940ca9cff533e4c18a6092c64316a0e09e6e
SHA512

e365280ee405d93c2c766895a222eb40a2615f3a4102c517be0335d882cc646857689062f44e4d3416be93265867dea5a028cf32ea872724802eed97e969c577
SSDEEP

384:zBHgIprA7cyg7HBUcrSrPprutG7GJxMx8yxqx3FJhHlU+jz:z1Ts6vGehH2+jz

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "426960914"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 2086fa6872d4da01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000930ed985b08cdd4cb38e38023150682b0000000002000000000010660000000100002000000020f396f4f1d603d3f361e2a9d59ebbaeb34d9b80b236ebb5c56434529fbea47c000000000e80000000020000200000006bd32e320171a8b7653c08f6fde7792e4b9f340ba82f45fc58a52aa81eab3bac9000000063cdd1d7332a069529b14ed34cea801cae51ea4b8d1aceefc51ce9190a7f2b84ecad34830bf87856c5b0aa2aaaee9f7470f7e976c1225ec020c3d2d67499f612c137816aae517818a193c570ed9c67481e531d35ac38f895811768ae396c0d7c5de066c6a0c990ad0fec7fcc0b64951e7acd48df27859995e996826598ebf81c075883be6928a752fe3cb30b90874ac140000000299e1da69f91b511de5672d55abfe78030e8c9c3bd293158ee5cd47c6e800fc84f2f8c528b384ff4fbbc76a0a75a2427931040e64f539f6fa544d9314ff82ff6	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000930ed985b08cdd4cb38e38023150682b00000000020000000000106600000001000020000000adc762a106751ef74b78970dd94bd777e74663a99cd891909b933941e32d2739000000000e800000000200002000000020c75d9d50d3a4adeffa18277d8be2c77fd993a5df84dd00e38081ee5b25819120000000393bf4bf27817ddfb54ceadca9d22f7e25d6da768bc4fd625ad09254b217df4240000000003ec5ebd1dc3a6f872c81bff0082c96cf4023d3c9a6c8434eefb77477f873acce273173bb20c04dcdd9d58616a11e76911a72aeaf3871c0384fa997d4ba619b	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9251F531-4065-11EF-AFD4-EE88FE214989} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2064	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2064	iexplore.exe
2064	iexplore.exe
2080	IEXPLORE.EXE
2080	IEXPLORE.EXE
2080	IEXPLORE.EXE
2080	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2064 wrote to memory of 2080	2064	iexplore.exe	30
PID 2064 wrote to memory of 2080	2064	iexplore.exe	30
PID 2064 wrote to memory of 2080	2064	iexplore.exe	30
PID 2064 wrote to memory of 2080	2064	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\3df99390c06e9bf666e3239b25a2f1dd_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2064
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2064 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2080

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
2e93a54fc65ffedc95fed2f462c11fe5

SHA1
2a23309fab7bc615820ae5bf1fddf7be660f1afb

SHA256
c7e5d16ce0a889aed584a80eb9e48c701cebf115fdb5e54b593e2c5199c5d346

SHA512
5237abfaf3e77b67bb8d9abc638e29e8b670a583cbf5b661c58bda5d0bbf9090c13b002e5cfcc64ae1d2c31a010bbcc6bcea61f9de1adf6aa21b99c5e564d511

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d7e4a2aade819c0fe2df2c9613f40efa

SHA1
acf0f08dbf8b315585860cc16cfa08e3232bf5cc

SHA256
60fc007dd132094112f66815f14fbf115b69b1aa9485696efada6cc163fb940f

SHA512
d7e27b3600e3f4e61045fbfacda8ab10817052694590d9a14347a6430b3b4506fc4761fdcaa6d29214710db6f17aba6fe7925243fe308c904ac61f548f4afaa9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ab15d6d06ef916752fc4f8375d44e173

SHA1
0ad40da862c69f4a0b23bbec35f806e9bdfae419

SHA256
c06acf1cd0eb96816e464eb70a0c056c9fabc7feff048fbb2d873e4cd63dbee8

SHA512
3bf473a393c488f3d45304b13f4fdfdba36a2427fae2980c8cb05d3e323539cb89baa586c544a1095cd0a67aaa357f04e58a8c6795bc8855579601fda3dee6b2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0bbef5a3304c83196956140890e41d12

SHA1
718b6a82567af2d346d346bff02857c201857f5f

SHA256
b8068e74f7ef0345e584f8ad5096354f2b69e1cf04c87f2c315d108c64e5045c

SHA512
031d2ece5b8f623e0a91941ee82571ba8e8cda90b91dd299f84a5477ea5e79c6bdb9a86913a8dfa88cabe6e3314e1dbe5394a83fbf317c2a9ffe4ad16fb92ddb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3676b1fa052b7896e0b7806766eb94bb

SHA1
d082ff0cbca809e2fef2a592ef43769e1db16a63

SHA256
d1a1d98e0a3bc65e40da54c358be8fefd35b596bae22c09d73e470c890b9a46d

SHA512
2a858535618c588fbc450ae4d6fc706c8af3ce801a8a390eb1b7bd6fc0126886ff856a35f53625dfa0664bce054e9821cb4a82186aec14a28d87053c0bd71a66

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2011d57236f590ed11916535098f1f16

SHA1
c2930f77c33489d8343dcb46f9130a2120c54539

SHA256
bb079d6d0dbbce383a6cc504b322753be5fd3923539ba0c1a8e760dd19b2c6d0

SHA512
11d6dbc46768254d7f0ea91e0a311c5f1e7d3191baeabe1e4da2a045fa62827db1cd6d05da71c688bc155f53f7d39adc5d024cd10d684470a9211e7dd9635e67

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
89e8efcc431250ebc1bc07afcff662ff

SHA1
b0d07c473842b85cecb565f9d12dde3c2c07445f

SHA256
f8b37a25e9334722b47f8937fc84acce094fc579bee830a5071abacc27b6463b

SHA512
e0ff67a398e3dba1f656459ec7fbbde82afc2394d0ac5fbd6d00ecd057cfcd02467debdd4fc94fd18e4ec46a3ccf6b609a70b8ed9ee547545c351fb62efda031

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
75ae93e84c1cf71ce01cf610f1a0ada0

SHA1
46c3335283fe333683d038f50b3a2a3e9d7308f2

SHA256
766bfb0c26f4100b52b4a2f428771b0b8433ae35c8482652315b1a47a1d2b372

SHA512
ef50084b85f3b2f3dbb8efc37bd7281c086a4425d0a643371d33e3b70c5462b6ebb560ccd57e6e04436058ea2f4dc0b23b070eb917e6bad858a65746f121f4ce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b737fb6696b6172f622ccfd4976523f4

SHA1
c52195ee36eeb935c976b552762f0c3113176f86

SHA256
e4cb1b3a36202f2ae354e19b9ff6e8ecc36fe6a1d542247fe7e4967d676ca854

SHA512
9380e1c44a4fc13890f21d3481dc938179a8c02372f23f4a3594b146c95e583679c8970457567ff691cd09c07a7defdc830411961de2ac19a3e4898ae8a160dd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d0d3c0ea00be670f6c851fe11f75dec1

SHA1
21f1ca98e7120cee59014bb41615489f703efc81

SHA256
a99240de54980317d075e9705cb160dcc5f4f5b077f70e153cb9eb7ffc489991

SHA512
00eeabed7b120a87e9747ffe43f9d5da8e9be59d432cdd23039c52f485bd71561ece1278dad7c3678ed8c2c3fee31bba09ca5146127b77c3c8924e07ebdf82fd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
438e184bf1205a19cce16a9de92aab21

SHA1
12d3602e866f3355918510e6212bfb76036c33cd

SHA256
9495d18555c8157ce0ff33db2bdaa3f446f393b4d1f591b96cd870afc9770942

SHA512
59199edd374adaba9a2cd9180886b542c0e2644d790a88afff980795e658a0a00cea107f4441697d659ccec32eff70b8d909617a6efd75247dfb828560b42b38

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
71deb81fcea3aeecd3e3f5afd0686bda

SHA1
1eea79def74c4f37c50a17fb0f269265dfe4e148

SHA256
608824447c829bd10cd72fd78f50a1965748a573ff39ff9f520ad0cc62c76fe1

SHA512
473f3f8147bce46abf01ce736b1c766c7e6b7aee9728e3e173c6ce7f9a603b1a71bb7d144eb76bdcc576d30159415930dde2b16890001643728879fc905d7b15

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
da91bbdb67abf180365d6ddfe26ab77c

SHA1
42b8d8962722f20b9b6e5ce6823475f81df65984

SHA256
5201fb83fc693885f9b60913127bb2ebd3cbfea1ef688254c179f25370a0b88c

SHA512
68dbe23860d0d76ee86f67262d5cc9806371d38e9876ca182d7748ba33243a016e848a5ca9db1a060b4ac695f251f7b18deb89b056e257b0d253741bc2ff92c5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
90c5755e6a6918e91f7e294ef63dd6a1

SHA1
68367f971f251cedb76ca4843ae5109cbf48a81b

SHA256
ffe77846aedac66aa36edc8d67b1bbec2052345dcd9cf4012aee78f2b9901a4e

SHA512
b4e2c2b5c6547417bb584191f0c8b3183d36db64f70398db2bb4debf62b22d385a3d925de9adaeac29a5568505bdecfd3a80e21463b46be15f2accf6463490e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabE532.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarE535.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit