c8834772170ae479756536de5d4c39bf744442e29a3c1922c33731816747c3b0

Analysis

max time kernel
143s
max time network
148s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
14-07-2024 22:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4725a3941ce91ba23b195b609a396588_JaffaCakes118.html
Size

57KB
MD5

4725a3941ce91ba23b195b609a396588
SHA1

93c7dc8ee89400a0690cc20e17c6a1ee64c1c527
SHA256

c8834772170ae479756536de5d4c39bf744442e29a3c1922c33731816747c3b0
SHA512

505ea0aaf4538e5d4783b39037645f8fcb35bc49459cdca775dcbe263b35090e20eb0758bb45270a2cc19ffb27cb756986da32998489ec4ba1e3664b203c698a
SSDEEP

1536:ijEQvK8OPHdsg3o2vgyHJv0owbd6zKD6CDK2RVro1KwpDK2RVy:ijnOPHdsr2vgyHJutDK2RVro1KwpDK2m

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9EAE7A31-4234-11EF-9143-7699BFC84B14} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "427159793"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bb7c5835718279428690b074aa627b7000000000020000000000106600000001000020000000e5186f0c8f369d9fadd1d60083bb01c02e41599fdc3850ab7bfb18a4a999e126000000000e80000000020000200000001f865505e864a95cfe6ebbeb16ab9a7d45286502ae7d9860a63dcf6ad85f697b20000000eb584ce140f56d7393e8f75ecd57f56a7b33b66999a59eee99c656990904879e40000000fef920d2aef71ef95f0b27b88941f042c98c658f21c46945b88840261c67b3cdf2efbddd0affd349ab5f3caa46d92184f206ce25b4baaeb97a243879861d223c	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 6058737641d6da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bb7c5835718279428690b074aa627b70000000000200000000001066000000010000200000007501adee2d14cf25b9560111c8c05c4c49269829d83c6f14fb0f4f86e1accee2000000000e8000000002000020000000c8a5890c5b76ad23ef726e67d7d863b3de15895dac4a32554ccf67b0c6cf5dc6900000009efc82d237f7e39559e9e56bd9ff4a8a431495db5608d03a4df8bda295e9e84e57b6e8d758ea2947aca3c4aa0e6d092ec95df25826fb1f003f771968aea1cece53e4b277b8cb7c750709192347b958b11e009a78aeb6ef08f9d50a85eb26ee782b13bc13d887c43be4f0d748f70378dad9f58a7f267fa2fca8bf0dd2d295f10d29aad4c0fdf5984ba8ae1f9bf57a9703400000000e04319742243a1884851b0e19e6010642c82b5bd4ec4d72e040aab14d67dff249d298180950449185824632f08622e8d2f426611dff8815e2a4bc021ddf43a7	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2120	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2120	iexplore.exe
2120	iexplore.exe
2464	IEXPLORE.EXE
2464	IEXPLORE.EXE
2464	IEXPLORE.EXE
2464	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2120 wrote to memory of 2464	2120	iexplore.exe	29
PID 2120 wrote to memory of 2464	2120	iexplore.exe	29
PID 2120 wrote to memory of 2464	2120	iexplore.exe	29
PID 2120 wrote to memory of 2464	2120	iexplore.exe	29

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\4725a3941ce91ba23b195b609a396588_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2120
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2120 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2464

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4506060dd3c2e748a09680bc74208ee4

SHA1
aebe66563c636912f6365eb4da71d192bc916f58

SHA256
9da5edad82f37e1a87ede4d9be7418fde5ff1ba97635220b99c50008c3d61177

SHA512
8fd23173cb0b2030c4d37e937e1918645967e9e09ee9e516ae4642b6508a3d9dcd70d8fa3998afe7cf6fa262a8b629da2d3f59418f8e17eb330b989278f65684

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c3f128e31caa09222f17282ccde6176b

SHA1
dcec0f390b62e87efedba0eff24e9f0da2dbc0d8

SHA256
412129d29da41cc279b54625e1c5369baa96c60371cd1d5eb8e6efb39c91c1d6

SHA512
19893d157c5c03b453396940fdc9162cc6fccc2859dda9aba94147ab00eee326f52f1f5ac6e796b55d4e3a67d66b2cc11c85a94c69e400a4a16d5e090faabd14

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5322105d534390f12dd89da3a86b29a3

SHA1
2982feaff3ca2dfb52367a49e0483b18a3932165

SHA256
e68d8e9776a65af1cf2aa51458b28ba3e8434dfba6dc3a9071d2d20b825b21db

SHA512
30cb596fd9c33a7f6526dc010f2ccc7a44840ed759dc5cfc3b977c770b0d5a6b57b870d0201cdd390ad986c70580095bf7409d37dfd5fa71917d01be8e581e04

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4addd5bc074485bf091a02ca1d2c7b9a

SHA1
f91b3cb27d90acae25df3cecf965d1bb1e09111e

SHA256
da5aa9b0f4e503d1ce8fb7da62cf813d9e9671ab8f6856af297a942b6d7abd2f

SHA512
e5cf716037f8a330ac6dfdb910324d6b3b3532049bed9721b4a7fc4d244f559acefe6bf626d9be3e991dae523a28325607dc029b144df47b4a8ce5cad3d18250

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a8a5b1ad2c47359c6e91ef16a8a27656

SHA1
309305469fcf50921008b88e02d20d9449ec5f51

SHA256
0c2af16eeb52ebcb1bff6a34b25c24ae208f928c54150fadcb31fb88ad24c989

SHA512
c2c905170dc3999555fe107a829fbe927b12f697e03e00ea4a482e0bde39fc6b6cfdd53aff6bafd1ee880abb860039f7e8bfc01d98037ccebe1fe64357ee874e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7bb49a09fc955ffe7da183d1ff8a8958

SHA1
3d2fea75b4fe86ddc65e474d60171751ce8b7564

SHA256
b2f9c2cc7829540cad133e630946e7133ab8ac399dec5bbf70eb3148de66a069

SHA512
228ddfc5c44990f8506711b6cd7953bd3fd3088fd414d21347eb6f4ff8edd4b7602a1a75d9012ef951f786a5b3c6b2bc1232e02101a44f460aa6a99cbf3aec6e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0e52093e5433f977172a94f739ebab15

SHA1
33c3b1b8420bb5636a8426711ae4ca7e2794d1b2

SHA256
6f405f3455d4f4d42ed483924a300de638f5519938956041f259a1a8f576e332

SHA512
89cb5295d7fe193497ca101128e0ce57da1aa084f69421c20e5cc9cd9717a24d0152885027c32aa3d45b4edd01393353a5a2482088ada87c6dc88df5b6691c2b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3e2c03d4860abdbc3bb71080bfc7294f

SHA1
cadf03f4c6b29f1dacf3263922e0bb3858c57600

SHA256
673c07a1a3886dfa100bfffa4b83986f4c2c4c4020ffa95ce13d37cbeaa4904e

SHA512
f5e9abea9f0d86afc7a9f9498f19b1e475b9bd4632cba66f343caf5fadf76e983b828271a4c443ed7b097fe026f1eb6ae5b696a40dbbbefaff500aa12c74066d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ef23567d0d52ef1bb08c235d7cc79f1c

SHA1
7eba030069992433930dfacccf577934600d334c

SHA256
2d3c13e20ac4d7af811fff42810ae1f558756bf31da8e5974c5332e6317b5521

SHA512
e9ef057de9486804d49c67f1c362807bc74ac33fe3be415d74ffc539bc2c7aace1b5b0a0e874ab9983ec25879468d50cb7258dba3fce93e42af928c41be9cc73

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cc420f3daccd8d15bf0d648f1c05516c

SHA1
6c3f65c6a6a513389e5ac43ca3679ad3c3a6b343

SHA256
76d3eb9215cf11839335b65247611f3850d40fa29b3d0a395fd9786709bdf366

SHA512
b4f7fa57188ff13a573c70b010a9f31ad4d64acaa2b57af33b0e9b60aef843ce1ee4077cb10c33ad5461be140c32a526ef35ae60e01b8e48e868ea060d8be070

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
51bf6df5fe5adf8cfca3e0ea625e03e8

SHA1
3c2e322a8e60e781a6d629e08ba16bf0aeee06e0

SHA256
73b304db57e52f50d27a643819dc1ea4b229fdfa426075593a3a2cdab87c7bba

SHA512
53a1164ca5fa3c848ac5b09eb1c5a34ce9cf14c3e32c1e3161637798c463f0b8048c36068176d3fd7d4478c91d26c50e939e27cdf5a87c4f98adba15e25b6939

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d5fc871a0b92e438456a62db32c71a6c

SHA1
c2a5591cf5613f0a6e9ff0380bf320659ba18c1a

SHA256
7d8770fd293800bd053af924aa10625dfd057101176faf36f8bdeeeeb84ff251

SHA512
361fe5c6329b509d195244a382058a9ee012ec572f6079686a423ca870fb5d3e0c459481510ea37d28d115b59c48d90793fb4259fdc668f12e027593d8d6b4d9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
52c59feb7989cad6f1ed73f30d98c0d5

SHA1
9d33feb5ea6c9ac7b5b7e2e633d1f60f753e4bf5

SHA256
8aec7f37c59807f8328fee87e61f1a303f5a0f683ebc2232022fb845cacd998b

SHA512
cd6cf5e116c216c716d70ae360caaca47b0e34969531209451128088b00b3de1915054be76005cfd79131493300b9295c6f8f4349f7f053fa04618638d7b0bb5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f7d655c04239306d1a320dff5478cf6f

SHA1
69a4c82631e3647bc0698976fdf938ebd8c6d38d

SHA256
c68f8b5617dab8e6ae20a8d6a76ab8bc7629b2abf18320cda5b1fffad60eea80

SHA512
d931fd3145203434f91dd4db44b347d50d9e12e8b8e6fe902a6c2cca360ff48de06889c6a3e304d236f1947df3bdb6ed7ff4493ba5ba160737292a89a94d2f3c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
71c0f1b45953c29a0a644f8de08b3f7f

SHA1
c4aaa25ebc55f0ee3bc62bf61b02cf00dd4dadd1

SHA256
52cbe2e6953ea9ad5ac791c2b62bd4e6b0334b96579725b23dbf2e1ac33c6a7b

SHA512
58dd7c39fc60936541d086468f43a89e51277262abbe28e1c33a522a6a0483c3265ba82d72b3a7e844c880ae8d187cef19af6e3e5ccb659830da5b96b1620686

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
66b801a32eda13bf2bfea37c9e7d6e6e

SHA1
a1b1422e570622e1a542077b5d3085aad19946d6

SHA256
6efb0c1e4ce3bf0fee1e3ddb2abf6f1f419e9923b906154367bfc047607e316a

SHA512
bed2a2c653bbe902e2cd059eaacd513a776348960e08d57406c39904ffe6eebf172cca50c488a33d92ffcf3bb9bd08e468b98be7af00b45860d7934132e0bf57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NFAY0EOS\f[1].txt

Filesize
40KB

MD5
475e206f5f98cb143f27ded88729c733

SHA1
873d630e619a7c48b3e954bbc7c39a4d100acec3

SHA256
364ab63eafa9a0f973d2c9b5528cfc663203e817c1979ff200d12e4149d8154f

SHA512
8aefdf96e9aeeeefccd5b855f1cb3c9fa01d191790ab259e30727804c21011c59476f02154bc23a0b25e748f7b8bbfbdf6810bd2a5a0676cdb28dbd76775b489

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabBB17.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarBBD5.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit