1daa8f63fc96d0c63e7abf37586ed6ef47f23e7d6c25d7f945ba9a417f4e6568

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
14/07/2024, 07:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

44e12954119fd5c5970941eca128721c_JaffaCakes118.html
Size

6KB
MD5

44e12954119fd5c5970941eca128721c
SHA1

a84cda591eb45125479daaa7d5ced893e8d5e7e6
SHA256

1daa8f63fc96d0c63e7abf37586ed6ef47f23e7d6c25d7f945ba9a417f4e6568
SHA512

9db2ae36b56af565d0267f4a2d73c14d4f4096f5280502c38213efb91ef726cd7a62b8910eefdf51b46eee81db6b25b1f286c8a333b375885f6f887b700bb98b
SSDEEP

96:uzVs+ux7LsLLY1k9o84d12ef7CSTU3WcEZ7ru7f:csz7LsAYS/pb76f

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "427104206"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003e1c4d4a7885794291b78de8e6dfadfd0000000002000000000010660000000100002000000002f0c173f7c9606987f549d491c61bf8ecf636889001e0a048581fb6f58edf62000000000e8000000002000020000000dd2734f3626594bc252a553f57ec773803a9b8c8b584b4def8a65bee5e7330f120000000f5af7fa5b5cc227d0994a07a5a9a05392f0c3535e3bfc580c64219d18840554140000000681ad0890487ffbbba7fb81cac221cf892925dda453e29d9da968e60312ab30e2e31b62af6fbb78cd8f9a7e87e19497d7e238f9f6bc09c4277259d6edb87a03b	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003e1c4d4a7885794291b78de8e6dfadfd00000000020000000000106600000001000020000000f188d4381193c22a62b686bc0719b5b666e9752c8f4eedd8bff54f574768ce76000000000e8000000002000020000000bd2bea61a43bc608418e7f2de9a0bcdd7ab433392702c70d21c33cb54793f75b900000007d345196515140c38e23e69f6296f121467105ea4a4ff89cc347befd303af7c7a18356df59d50cb01f0acea9d79264bd8c68aded419a265123f1eaec251e5f1f036efadd8bdd5da34b412792084ba233191db48ef20050b6ea7291f07fe1e2ce40b8087c92bea054dd698dd95c35671e246f467545dbde771043dd86def0134a75b83f6d0aed423ca7f87c6a407af2ba40000000ed917fd4e90789cc8b14997fb90f17c8db7eec7abbdb65b00f98aacb023d6fbc753aacd474981494f77ccd7def284b2a2e6f3a772de8e49e00c38934946fc95c	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3302FD01-41B3-11EF-AB8C-CE9644F3BBBD} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0127409c0d5da01	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1472	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1472	iexplore.exe
1472	iexplore.exe
904	IEXPLORE.EXE
904	IEXPLORE.EXE
904	IEXPLORE.EXE
904	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1472 wrote to memory of 904	1472	iexplore.exe	30
PID 1472 wrote to memory of 904	1472	iexplore.exe	30
PID 1472 wrote to memory of 904	1472	iexplore.exe	30
PID 1472 wrote to memory of 904	1472	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\44e12954119fd5c5970941eca128721c_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1472
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1472 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:904

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
da9a05c2811fd1154b4b77e4803b196b

SHA1
056a136d451655f3b85afa9e5144bdb0cdd683d3

SHA256
b1ec46f50ab1dbc58637d9d2886fc2682ac931efb21df6d97c945f16f56f318f

SHA512
0b07b6d54b92c3862f88e6a7eda0fc96d13baeb09fbe747e054a4e4b3ed560649e1d7890e8aa3d56873f68fb0bb60cf59cbbdfbd3b25f828ebafdef99dc66f18

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9df0f9c5f1cfcc1b2bdbfe7913d2574d

SHA1
c4172b56123f0acd0a596fa7d1c2cbdc1330c51a

SHA256
afbfc9e032978d798bddebf820206fe3a1f12c8112540a27852e40544091a825

SHA512
85c6f92d83a13def6e4aaf3a77a093a340fbe8c5d3c9d7b3472cc6162ffd448351621e54c32b7094fe3b58e853e39348805505929a3aac7af804d2e0b4ebe02e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c346dc44bb71d4a70f24f6b25b7278bd

SHA1
ed849322017ac0ad340069001d1732587f667f95

SHA256
12de949a9bc78bc44fa390a101866c6d39999ccb8332011b860b4574a5448d26

SHA512
3fa966636a035b356368eb60868092d6bf087462b801707b2f345b7cedc38ceec5a8a8463d8448233403cd7bc018f79be0f30a7a417829dc48e70c2000405866

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b2aa2de170883249d9214f20f2b913a4

SHA1
a22a4707cb30644483985732a360c12d42593fd2

SHA256
6fd666e41a6dc3c57375ac3073ee4a57fb7b3089bc82302cf23e1632606e23e4

SHA512
81e0c1ad8dfece7824bdbd59b6de8fbb2f482fc058613ac67b5aa210956f8ed3910d7ffaa7cf619c7f1ea505289d64a490c4053cc4ef51419088251aae27323d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
50263e7d671b26a5fad81dfa5d01cddf

SHA1
aa7bb8e26d569d307d1b11f25e69cc8d1d7cc274

SHA256
0d8721eaa0b136574355f845cff4f28ea8806ce9f41dead6eaf2d2e7d10115f4

SHA512
a3849bf1c2820c760b068c1a12a9e3bf985de41236134d9a2644648febed16a65fd2e7c81951e7734178f092473112eae9c5ae7d51482205ec37108895a3f10a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d0f6b532194a6a041589a95317dc30d5

SHA1
66215e2f5f2722703499c3df1a14a47077bcd5de

SHA256
0a5797fad25e49396397c611dac5736cc42008983b7a6af237929296893859f9

SHA512
a7d4986d2907954e75e7ef18a9d51b18bcf9fd0af681fa2dc3eb381ab003dd24124144212800a771a2137fc11f1d765663aa3b41c989165421c7edef648e04f1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e721daaf942b4fd401959ea736065ac2

SHA1
78eb120790935581edb8b057155b3c023c60a6ef

SHA256
6fb093d6969c6ace6bd163ff9f311f679083005222934754a7aadcbfb8273915

SHA512
0ff17351c0189f4a4dcc68fae029e1ad2329faa79ded32358085e44756e48a2c31ac9fe7b146eda1e9f8427f6750342f87214506b86c4399dd844b9bbffa7eb2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
10100b238bc26902024bd87368188759

SHA1
d6b7a237f8746bb593843df8c654f79c066ad48b

SHA256
a8538984ee7cb68a1e0389a62466a2b44cc99cdd51a4deab0a1205d27021ae2b

SHA512
9ac292e4a9e9735064322be1c82468c87b4caa1bac7d91de400b23b74cd6178f37f1e8c155d970f92ac73474f16e56e7b947ac0bd0825edf3b58d24e7fdd3f85

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6246ad110ccb2aa190eec4cd98294a48

SHA1
89c3115f014cd96897e4b3f06840644085799bfb

SHA256
c840449a58a1feb3fbb97534cbfc56bd5102ba03c8cfeb1c16a7c8ebf8f86d39

SHA512
27b63242fbdce033df19e87cd3c4ecb7c1856f5679de2a59c6bf414d85c1c1413ee5151ce0baf053e07009417ab38be5cc5ad9d5c4833061b64150fde099f5e0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ffe78ffe51051a7395738e1ec8a592b7

SHA1
081a8d78e1c548f60b41eed0c99d7c0dcb3d6d9d

SHA256
16f86e0d9dad9fb0265b22905765f5753505d73798794dcc145834350f977890

SHA512
87e38b75a1fa30780d04a395a1d1b3af3b436f4a0bbf1e8ede2ffce716021da4148c45409335aee4d32e238a8ecce4413e50508a9457806f89aa322e1e648d6c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
47c0fd0355e84668c295390493e92ac2

SHA1
a42b52b38d3ad95365ebb67a800e5a0b0b35e37e

SHA256
0d4324764d8a859207aeeab022d153917ca769dc24d01c578b47d3cbc4c8602c

SHA512
f4782259a6d5cca1bda6bfe1e333346e7c28f971570dd016e253a2f53acf1e1ceb4e3479264c18b977162d52032a40ec77e157ed0b76d2de12996fcb0f73a050

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
eb8a34fd8881963c6cc355130a26795b

SHA1
0b49f0b529cc96ce4997c0c277ecb30181732a07

SHA256
7bb2b00baefb1818bd44d9b7eb68d9ccae6e14b0ca2a7f58a1014ef618c218d5

SHA512
d111c31a5852074df277979e3f673a762419a3a21817c7d9c7f8dcce95a71f88714cc7e4994aac51e659f76450b3ed58c4265c4f86f19e13c8259f811940c79d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
80ab869e76d275300ff272fbe1c29a73

SHA1
aa3667e11d9a3b230085799492ad5b93a34d62d4

SHA256
cf82028420730fe009fbf40d4f53a98ffed405af118069b6a1beec2fd354e9dc

SHA512
14ef6db0fca3995b8b43c650063651bcd6cfaebca92aa72e61a1f38166fd3e03147428e531f42ec105d20706d62609a7ff2cd40544f9b7de56da0737b3d7358e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fa17843bd201b171114d90d54447fbb2

SHA1
4639674b53dd157a88069845e2860a9ab44a9e55

SHA256
e2bd022b05574542603258e76f63636eeaf360a65cc325be6c9fb9fad15fa2c8

SHA512
f5b0ea8a843fbefba5c8a65d75b32689e4f32fa44c9b4ec6685515ab8239320f31059d2f7c35697da7575967a0fa0e0d3143fe8cc4986ef38885aca5e989354e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cfb5c15e002a08878d728c99bc3be026

SHA1
78e60fdb2f89b3d6b0c31945b7cda2ad00c91b75

SHA256
86b55d06970691212aa7ec9a1f973a00c3bedb3fe32bbc49a304fe7b107f0e36

SHA512
bca8630ea5ad44f5d7d7abf5847e3e145a03b9b77dc553b8454300d4d1980092160efbf35131e545647524c0db34a74cc5509890ecc793ac05d71f9e43f3f0d8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dc2ff671a4e23304cc5d81f6bb249694

SHA1
844014e711589b2545ff550557f5b1869cec37ae

SHA256
8e0d7d8b4d79358c1db6039b8c924c60560ada9c5615568865523aeecae8f577

SHA512
c5cbc7e252e1fa3d1c5a6c9cb38da508dfe22d86cc0d4be04c985562d6f9266ec8094f0ee8c24566345a146331d2b2fca86c4bd14c503f054784f474f29f3a56

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
012c430fb41b91f2e664df5f8d0d24a8

SHA1
fcd3a8bb9ff3f73cd6f69b93c97e8c2601733141

SHA256
0615c4dc85e72e4d8c1530f7801b32423e82a1e12207cba02d3478842231bb2e

SHA512
ebe3117686b0e809981feef973df1fac0946a8a61fc537de12456459994a38d94d3ab249aafd0662d3a28794933178e03d73df0c1835bb77f68f42769ee97045

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabA72B.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarA79B.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit