1b25fd023e36d6c66a71f41dcb2ff7a1ac414a77706645b5b36dc9cc306375d6

Analysis

max time kernel
149s
max time network
155s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
13/07/2024, 04:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

402d791a760b691c488a7169a9b94fd4_JaffaCakes118.html
Size

13KB
MD5

402d791a760b691c488a7169a9b94fd4
SHA1

7b7a08b227618ab92bc9c6c0edf653dab729b071
SHA256

1b25fd023e36d6c66a71f41dcb2ff7a1ac414a77706645b5b36dc9cc306375d6
SHA512

236c2746dc871477551183ee338997789cb6b7d14c0ea1e4ab364f15de8d11f2964808bfd2deb546910526b70d658517bf2fc83f103ba7d155ed9a290fcb4c44
SSDEEP

192:YYl3Yak/aQFdEaB/1SfqNIHw6TOxvwSi5u7JzhPlDh7MhrEMWeOP1F9lvhVb:JG5jeEuydwvIJzhHMhrELeKl7

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7823BA31-40CF-11EF-BEE2-725FF0DF1EEB} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bb7c5835718279428690b074aa627b7000000000020000000000106600000001000020000000570f0e2240c06531cec5452d4ad796a2f004274891293ff739cabffa650800e5000000000e8000000002000020000000d834d6f38842666eb4a42ea004b492e9920df53ecbc8fe398cb5d7278968774920000000574fa9d3e593aef49014bb3baa6a58e4e04d9cefb1a99f85924707bd59517a7c400000002b3bda1c759346f36ba8f1344ea94bc0fbc8f5fdb9d19555b22bbcca3806b760a92e6a52a5865b2006ea2f3b5571f738d75c0cc3f310fdd8af12ee3e52beeb5b	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10388c66dcd4da01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bb7c5835718279428690b074aa627b70000000000200000000001066000000010000200000002d5c1167ecd07ca2a951d44a350fd5c479fe58d6a74e9188caec8b23d860c84f000000000e8000000002000020000000215c6169ea4e1a75677750fbb4ca1b0537cf9deeef6113d32b7052a543b7a626900000004fdaef38aca630eee362e076fae8997900e6f068d0bbec77d61a2e0699261bc858fbae5c9d7c2fe6aab985c185542c9d189d3ff433e45750e5f1415c137f716db77d0ddb985f3a749373818394ede94dab98ae77153db790e3246712ccf770e610923797b8e25e2022115779977d478c0c268a097177b9c4f1197a050e280a55818767b957d37d19805d44ef4ff993b940000000191b3ab648699c653b654cda0df624f0d754b0b99727cdf0caae7c9f5399c50ceab1b1dbbc80ef73702850f29822be6d5655df89525b3cac2d363017bf2e4b04	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "427006397"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1972	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1972	iexplore.exe
1972	iexplore.exe
2804	IEXPLORE.EXE
2804	IEXPLORE.EXE
2804	IEXPLORE.EXE
2804	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1972 wrote to memory of 2804	1972	iexplore.exe	29
PID 1972 wrote to memory of 2804	1972	iexplore.exe	29
PID 1972 wrote to memory of 2804	1972	iexplore.exe	29
PID 1972 wrote to memory of 2804	1972	iexplore.exe	29

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\402d791a760b691c488a7169a9b94fd4_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1972
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1972 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2804

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
940ec6cce43383f42123c97678ce7496

SHA1
38792e06bf3929770559a9de0a962f60544d9c2a

SHA256
0ded7ad5775de63b31e63db772e1c31a2d4264d46828373ffc0a142c7caa9fa2

SHA512
7757f43813877cbac21993aed4ea695d6f428fb89c77f8621ecf44220d07b425f85e21d9642ccc33fbaef11e09d9991f52b489e2764cc0a5ee37ca26ed6839e5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fa2a58d63d0614978c214260559fa184

SHA1
28ade16c7cc53240897a6bd7ca27dd6a0bc0782f

SHA256
974575d0bde1a97d854bb0642226ffbd72a0bc8c2ae5999029b468abc6211fa2

SHA512
ef3c61708605f6cdea716092e4aca9ba28b73fd13cb235918370f9c8823525a2dd0af45c35b04c979a21c58ce36a3c1167ede08bd4df8b7cc66ffd5c521c81b9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ed32e33410d975cb63a1c68c8f887865

SHA1
2c42b7600ae32f57b8c697850ed9cdf4452e8c04

SHA256
deda068baf3905f02a658066ccaf4f55e6be394892f12d2bc8d97305c2237226

SHA512
8ee55d176d35441f31198e55ab3c0fef6ad8b3da39a57285d666ddc363d277b334d72b4a99247b5a421714da4bf46a7ee1b454b3c7d6303d617cc92a1f547292

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0d34d562bee768bdef953e79a9bb7cc2

SHA1
e5550f254dcd4a1adc4062c7a350f38324fd0f70

SHA256
7ffa23f37df01d94083cf2e08dafcc8867d5f0ec11e6a720b572625f90cd7557

SHA512
bc4bb92e6c3a0423ffa27f4f020320daf775c6f84a02ffe4964795eef42b9d59a67b602712f39035de93041143405d1609aef4da10b36100d3f21c3070f4c4b2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ead9fe5f9addcfaed37e8418d156c428

SHA1
321c503dc3ef1a11e968a675e5cc7f0f95e663d7

SHA256
3e65f40e2e8f361e320b2c6d9b522fdc1108da729ca50751fa26c5fb02f0d70f

SHA512
8a85b9ae36c8d5665b398c6f7d33af6b0e2297ac5343d7388d5da49040cf8c74f1a7cfdbec34e8c3930894aa10fadd63ad95fbcf688453d19b611245f90fe0bc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7ccb745adbc881a966f09ae7453197b9

SHA1
ecbcc8e9604ddbceca6bd3aff384ca5bc1dc8dea

SHA256
cc188d34ad63d3cb32f73f1d394314090d8acc29bd709e2ff7e3c86e25ecfb9b

SHA512
09b2577802357aa1e66a2a08b0e695f1360ad4f7c65584c42f56fb251c4246a3dddfb665796e67d067162149290ed8f4f8961563d3bce5e5ca270e8b569a7018

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
60691d2eb0219d319422bfdfd6b6a876

SHA1
3273928e79e490cd91bbe01b838e0aee6080ca65

SHA256
5df1db11f7808e0979fc395bffe74c558ab75d9b836ca9dd3163f6e5e746c6b7

SHA512
c792cc8e89b8ea3ddaec5511d35b9effac54de4aeaa6d72be48b881f27bbeedecadb65b7caaf5e300a3d9403bd7712cd57bbcca08f4f62842669caeab8fc3ff4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7bc60a99334ccb39d3814479c4d50134

SHA1
2505a619e3b77f862cf7cc08d3a9924746bf9ba7

SHA256
6860e73fc5ca08ce6939e4a8626684eb889ff5b2409e7dd0f5b0aeca5e4543bb

SHA512
b61bea4927ff28df22a6283dac623d141ab5afbae300968ef48ee327e2e90eb0f6e7bea9faebef6a9bc0f1ec40ded9e61bc9ab4c1c4147af3a8fed94a9bf0160

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
91609d6b7ab9ce7110e11193109b695e

SHA1
cd0ff0d1906f46b729a32c8e1254ed6d53d1f119

SHA256
f596aed07d46230bdb7afa48c2b2245fe213cfaccc783a51973d728a62245e34

SHA512
759002ac48893f6cc59e79a573cb45668370fb40dc35595f9e286cca6cc903627f14e7fb062a0b4c07806988fbd13d9b7dfcf7c12ff5c28c720d02d2b9fb7cd4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5eeb642dca1263add80caae52c313a5a

SHA1
d0f051bcf980b19d0b81318bade69600a84f2c7c

SHA256
9a8465b03abe041806132e6bdc2be7f09f14e17008f967108ee80354999c890e

SHA512
932afb3576dd6afb389ca00ba499a00498bb2508ecf38ec17dfc24e329db7e5f42cd03a5c69de91c79a23a97c6e2aec6658355468ab54cbb0eb8bf73df2e1475

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ac0263894d9aed7db3a6084a87028108

SHA1
7591d9f5855283c9633254298518b1c787739d3d

SHA256
b4f04c4c9b6515ddb716b7f2cb8525ad1385df0ec2baa60f32ef5e3a496f698f

SHA512
f44b1fb8bb35e116291d52952b78d4018fe607cd0c5b0ba94e7c992034616f288e0cf460794115d96a38cd5f6673073d292bf553f66919028d232411b19192ec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
26336b6c4cfe80f7c498039666e2ed86

SHA1
4dbaacbed8c9f771cdcbf7764d80b46a4ab77684

SHA256
5ddcbafb5da754f40d476339569e48b9a3d5bc57523ecea8bea4d96b4f0c4f95

SHA512
58e6f4dc11057d938603883febc98cf06d69b68d6ec71ddebbf2806e44af6339c04a43c6b74f6e82d59e15db4d615c20fe282180c785150cce5eed2905c464f8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
35ba9b91fd221457af904086a5231bf3

SHA1
8568fb153f81cc96c040b1262b4f14231fecc315

SHA256
c5f0b0ad726766135d71b39c7708b85651b0bc214226c65d649c7a1ed4ca35bd

SHA512
5f0a22119b54fb2f373b367325650e421e290658f8d579677ece300075992123306f72015609bab5d6a35d70254d723924b303ae58fd6741491579d04f155fa1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
06b65a8d63573a59df108126cf7b89f4

SHA1
a8a6c5c30cf630116686cb49a2bb5fd1988ce2d7

SHA256
a4995a027426f5687bc002bc12c9dea2ed55902e273b68bbb4722ab1d3e66725

SHA512
1597df0ee79ddf132c916b40c66f6132ef7fe915d73f209df056668a48850d3926dd8c4322e515619ea4febc51b28c28004f9c6d428a11c4a68ca62f108ecd88

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b98192d77dcd6259f313e21e6e35b234

SHA1
119393d95545c76f59febac1383ea15b37b7649b

SHA256
143eb67ba879c5a3d15b2f037f93bff0dfa1d81ad915a6e17e9202bb03f1beab

SHA512
4c24eeea43a4a418c3d202d5dd300a72c58b1ddb5eac7cb5dda9ba225a8548d83fe72e1409a1b94b2e06da7566cd24f2f2f5c91fffa94ac7487f5fc48b55374e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a2c19c05c66834a6fbb7fcfb2e92efdc

SHA1
1050cc239a512c9ee48292527cab3804940d7731

SHA256
c16264714547e5f0ad0d53b3e57d943b07306c4204ef28bf037e5f4c846f6ff6

SHA512
ea8a83fe144c705d1404bff209386b9b99ac5100525c0a6d8ba140df327618e5da0274b2cec2aabe480793b868a678547c1d8c780dfdff197eb6f2959c8dd040

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9b2758612ed65f19ca27e54d26909db3

SHA1
b0b0e013dfdf84aad6d9c8d66359bb3b9b601ce4

SHA256
3ce5a46880f63a402cdcc3cf5213fd80d7baf8c30b439ba3f57acbc137ad1fb1

SHA512
2e683dcead9f42e1a1f7fa30b64b0814ee279648f201da1095fcd9d21a9c0f468d9c6d35d7fadd3aaeedf4843910da2c97fc30b36c4fd433b3dbeb88a3314a25

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab7255.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar72E4.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit