58241b73463f97ffd39964bf279e8e6efe8934b631c42fc2023ebb106b78edfe

Analysis

max time kernel
119s
max time network
128s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
13/07/2024, 19:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4305517a338dc0e8fcb31a45aae122e7_JaffaCakes118.html
Size

73KB
MD5

4305517a338dc0e8fcb31a45aae122e7
SHA1

3b87b9af5f4172dd05058876721804f5c650e2bf
SHA256

58241b73463f97ffd39964bf279e8e6efe8934b631c42fc2023ebb106b78edfe
SHA512

71f45780c970e42fea3baf7ce0c60c96e93d06e48ae05f97988d3d1c00b90da4a7b3d7b9a55b3c2a366f0ec49d506ae4a35c536618b2bf1f46127ccbf9ba8009
SSDEEP

1536:7d1kV9sG+AlgSvSMqrGjWLX6iTnQaHWrvWvAgSS:h1kME+SasjWdTnQaHWrOvN5

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000082ebb0b9d6f3f0458e93e15bd38f268f00000000020000000000106600000001000020000000a5ca0faf6134824e8418b5b8f3f8454d98b19a116a82a9feadbf52c48f5c38e3000000000e8000000002000020000000b389e110cd691962415565e5066cedf384cc2346ce34c2a977ee892a845acae29000000011862fc601313ec8e603ea74805f04aade7c5b7e21b0bfbe64d64396381066efd543cbf10b8d8014091c6ef654772dd437a002510e9fd39af36f7611337f959793dcc68f52516a79a1e63623d3a1acdfb13ec6810d9c8b9276c1d91ba76062255c604ae14ecfb413af26f69c0bd793ac77cf683d54b9ea022f75568ad009aa673a9c908c2a3ee266237ecfd41a29a7414000000064a6f000446fe2cb3974d2c1de228346f04dd95622440d2cf132806fca5893a73052e1cdc6585889ad12aca6750750ef9b764b29fd95894bc58de37b56eb436a	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "427060561"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{94A187E1-414D-11EF-B836-E21FB89EE600} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000082ebb0b9d6f3f0458e93e15bd38f268f0000000002000000000010660000000100002000000085ada60a8bb637092ef60946306ec3f2eb4eec62d9bab91e06141ea5e3b75a2b000000000e8000000002000020000000548327de335d303af5c52d00bdb01885e2862956285822f32090b2022dfeb6d320000000c9dcf79775ecdc553114a57328063dd8ab3f545adc791ec5bdbaf8e3d8f84b7b40000000310c19400788b3241a7ccda776b229741cb7e1ed0fc8e6446838550edab4dd4e342b64931da3ebeec02a4cad4657844c1faa9a257071b6665a01bd5ea45e8c8b	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 307a58695ad5da01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2144	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2144	iexplore.exe
2144	iexplore.exe
1748	IEXPLORE.EXE
1748	IEXPLORE.EXE
1748	IEXPLORE.EXE
1748	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2144 wrote to memory of 1748	2144	iexplore.exe	30
PID 2144 wrote to memory of 1748	2144	iexplore.exe	30
PID 2144 wrote to memory of 1748	2144	iexplore.exe	30
PID 2144 wrote to memory of 1748	2144	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\4305517a338dc0e8fcb31a45aae122e7_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2144
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2144 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1748

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2222c5e978092b6cd945c73087bf8c7d

SHA1
d82b62995b465b06fd478fe692a811f1ee34a70e

SHA256
2fe16521921f2b749790b3b095b302c12a237dcfed96674bb75e7f51c89ff07f

SHA512
9e3b58b73512cce6909d4d330b06219c0d9c98cc334304fa077a2cd14c17745a22f381d8205caad093d40a34fd4bb1a72576a6e3a19a0860d8497e13cf29a6e7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
389d93d5ce70ed3c5d5ec77d57d26ca7

SHA1
4a28bcf13e6f43f3c291e94d2b2f84afd7805bc1

SHA256
dacf3f72e0d14bf9e95972c7553b0e424083d2971d152ac1b44a7bc1316f6d5c

SHA512
0625d71c322626061d2af89100a577c0d825a7645fcc0ade4ae33f609d0256a389a5687cfd829c55313483648d80d85e39775297ff53b2028b726dbdb97fa908

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6c62ef0c44f31d82ab52b01cc58c9e4b

SHA1
4b83ccb8617d04d8c6591153513451ff22d62580

SHA256
d1d0e200f8cfe3b5c3b80cf23d5bf0e2f9e549008a13709512b163088d57b501

SHA512
607d3718cee66131667de84fb732a41abbc1b04b8eafd2c0cf510dcabf54cb3b346968eb3dd806cf1a40e4d2484083c4738a97a862efbd073ebe5270f9a64f7e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3024345fe57a26bca94171558d17d2c9

SHA1
68302ee0b1d0287c8526a6de78fc9b9351bc0eca

SHA256
0d40023d239aad4c107eeba0a2267ac555c850f800facd6a2a650ead4f74009b

SHA512
c8685a4b2b8231fcf938930301bc892edc4361c5bcef447bbf47c94323baeb5039851dc7cf558474cce3c551deb727f06c2f6eafde414d488fc52e46e3517a32

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3dd557daa9cbf9e4bec338bf65107e24

SHA1
39050ef0db0b36ba48f9a57941daf1764e2e056f

SHA256
7afd798d0840f5ea6079d1b097b2c07735e8c2ad296f12800e498ea37434a41e

SHA512
bb515a5b0dce93ca9c1de7aee09246cf1c0cb4a0795b065596c0df78001cd4e5f8c94581abb2b66b78d2337f2572f30d3b4bfb17c17e9720a44a30a82fc0995b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d48a6504ff5450e666f5466f72ce84ae

SHA1
2819c3b4c88d25d64885b61df1aac4ee7da34fca

SHA256
81702bd67834a28e6598284f3dd23392bfd9629cd8eb8591608963c77d3ace10

SHA512
ea5eb442ef8c70c6c87b2e8c1c74008b997ad53fc33a0c65bdc178296d2c6469fc8cfae8be30c07a3c4712f4cc8ac160b46f66bda78b8cdc0d23b9bcc86bd141

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8cc6d3cbbdb30ade1f8f54264027230b

SHA1
70db8a3c7a5cfb0d888430a00d7843c1d07d94e2

SHA256
340e4c0047698ba1994136e6cc5930f3cdc22e818943a6f75a328423b48281d1

SHA512
3fe660b600560319354ccc4edf156cbf6456ac671efc80742e00f00cfe163b973a9a7710212e4b1baaca84dffd9092492727e554a732a85a94aada6b7928e736

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9c4f5e4a3f960fdc905a8bab0c9a7db9

SHA1
b69101f768c2230b6fe7d6fff5a2c78faf5a34af

SHA256
394f969f76d905af98204e3c5880923572d916c028407e41a2a5b8877781d91f

SHA512
a795f8d861d7e535243ae377c8c7726864642a65cb60891417396047a4de1f7df726c39739703f0ad2bdf8bf792d2c33a71d73b12fc4dbc63d08c3348f8b27ad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fe5292fec5862fd258d0c92ebcb45e4e

SHA1
905413f2ee4d12260ecc5b56f39477984451d1e6

SHA256
c3f7b2d796bec14df05162e395e6ddf60e0c2b6723a2c6e9d6971d839c608481

SHA512
b91113a1c1f28b2f1fc9450c0628f1e0fc6b7057d06a9cb727b7b25747c9691f7f59713a6b95dd3e14fab5cf62cfd030f475c207ce4ce76441c1d54e8003d889

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a23e5822b63031e1235b83c3899961ca

SHA1
9ded5889ff0efc1ab7d194f0f384576b046b3bee

SHA256
014dcc335504d0400091ef3d640267237612ff4b0c1b3e3c0774ac740998457a

SHA512
fca7e3ce58ce13d84bb97186bfe41dd7a4617da16ba31709c12b1adc47684a7355555063a7466481fa130c47317c09ec83c14b168ecd3df66f5efec0ea88bebf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
903cc16e535da924f09ba3c1f87a0528

SHA1
6f9dfae06590420105796aef10a40d5dac09c6cb

SHA256
470b7575252901290c9407d1480543f532959578a90a3d7ac0f5020dad4db951

SHA512
3697fd2702e73ebb4fedbae5f45f9377666489a3be5ca3e6f05c29d1696a2e81e7c05738997c60b7a4ea6b1a4fcac5be90358a9ce5cf7adfec1fe5c994dc5f01

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
58a60397765cbf8f201fa55176ab616f

SHA1
a3fd187a014ae19d0c7dc95e15ce9e1cb6cb876a

SHA256
2cb18c3e145fac3b12e9833a4df8bdaf949011fdda66e88d8780142802eb35cd

SHA512
ebc463e809e98f2820ce173118c84f48342f595b7716fd30dc55f9dce279edbfcda4556e8c94b004a231f59d6887769d69cca95f830c4b4232ceba89e49e494f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d90fcc1ef85465b15027798c164696df

SHA1
0ee22b9dac4b5231a83a1c9c726586df0ac3e6f4

SHA256
66f28e6ea8057b58f60db2bcbc06e9b758d043f8b9083c10f45c2406707174b5

SHA512
256a8473b92d0c2fabc917c691fc04f3b3b2f8112b58f0e0dc7b2ecb0e72202cfd6ff3880724ec3ffe2ee8498237775031b1ea2c0ff31a8863a2268c216eeb5d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3b9b446d1a442d3a3cc34b0f68570f71

SHA1
71422b86d6f2d47582577b25c025596c97f89007

SHA256
b6fca799be271f9d2788d8b57c72cd5982edb0dfa7b81607b572e92a4264f5e6

SHA512
b9522d627ecf7293d4bc7e9297ed7acdf4c4cbbb3b2d2bad151a006ed90447407be426b4f4ab77d6941879c1615f4fd412e814f3bee2c2212cc92f013ddc69ca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e55bcae36722ce46241da30746f565f1

SHA1
ee868691668e9c6605ed579294f6688274667fbb

SHA256
27226628e1dbd79b8b4713b99b6c95985c3b8d6161a8503edf7923b84547856f

SHA512
bb82f5ba9e6a867de3388819b83e4b16543d95bbeb51d1ea4d7bc1bf3e5304af89d6a0331c495dbd948245bef925359eaab6263a66fa348456bdc06fd3ae7fe8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
41fb8d0cdef875e0d198f4f7daf43920

SHA1
5ecb4707e9c71843c295f351241a02d6e5a91128

SHA256
83426bbb85a1ed5d1e530da76a39b4733618b6e6c56dabd844c31ca92bcebbf5

SHA512
1149b8d0f308acb017b2c236ea6711a011d2b5b6fbe547fb89b5c8e54fbddcfebf0bdb073bc09c14fbe0021b66313b4e26dfe5d170c024c3c26a0a068e76b549

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
49e5f08e593044a60d687d6454bab832

SHA1
f9b9157e64f67e7de4511d7815d179735f3fdcb4

SHA256
c8f2d23c3898f1a2147dcbf4e0031ee9fc21d16853b12a5f6ac0abf99244fa0d

SHA512
b5f19280761ab049294e067e4f73c39f860f0479e3459d8c4e58f53149ed3d0be50059321b08633d4118958866bca2133a1dcdc8de7ec9164635f7de55e417a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabC62F.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarC6DE.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit