fce17be423eba532837c0a0eeef8d7de01ef8c98ef625d673ae36e4d144f8175

Analysis

max time kernel
134s
max time network
127s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
14/07/2024, 14:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

462845122205f48131dce282f65418ad_JaffaCakes118.html
Size

128B
MD5

462845122205f48131dce282f65418ad
SHA1

5811203c8c2b1cb7a553bf509a0a16504ab10746
SHA256

fce17be423eba532837c0a0eeef8d7de01ef8c98ef625d673ae36e4d144f8175
SHA512

11f5a3c986637e6313dab39a641577a420611ceaf24f087c4dc5517462706dd01447cb43fae37e5c6c762f59eaf70a855338700a2ffdecc2e6283f91d48be994

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a3d5a058b71c4645a1a6b8b9d2c7fb47000000000200000000001066000000010000200000005b1e92faa9170d21d30e992bf8bf4980a8c4cc85a8aeff8e06732bfe5861d4c6000000000e8000000002000020000000273cbb0843eaed1323cb75f7041bc98ad4a2ddcdfde0c17ee4e13046e566bbe920000000a0ab5b66f7dd1a4c2d0fe851f8d53a3101d8dccb8a695d1c1801286247221bcb400000005cfa5dd007b5390477bc3cc05f6cb127c99b8ea6a2a5f8084f0b67b6a490ce8b5021dbc4a857dc7ed0aebdb5f506c231d46efb47b29b13321bf93e64555bd6de	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "427128124"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a3d5a058b71c4645a1a6b8b9d2c7fb4700000000020000000000106600000001000020000000b9b9c86e6cb70866d4d54fbaac7776c25ddabe800c89d27fa21b0ec7be41bc10000000000e8000000002000020000000026f82e9e562fab3adc717c902aec55bceea9f5118e3de9102301850fa6364ca900000002dcce4b408089bb40c76fe154fa4b19ee2b66da3b9dc191676524562c0871fc63904760ed7a4d7ba8d369846c9107efa5eae4684015498f7648bce4a5fd2448736e83c4a86e44df24098e474d7b30bc230f3e19d8fa5b92b8204b93b2a43f4877b0b8cbde11cd99b1f3f9398076b04aca4b394598525d1ee843c4ac71493e4e91281c5a2836eb9074212b1270cbddf584000000021309a21b1fb554a83dd854f2e92946423aedee8dfc301150fe1e686dede52e334dbe898a3638ff2d52ed60c00e78fc8c46cc83b8f446903464ef528e68b7fa5	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E354E881-41EA-11EF-B557-C20DC8CB8E9E} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d00e9ebaf7d5da01	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2196	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2196	iexplore.exe
2196	iexplore.exe
2788	IEXPLORE.EXE
2788	IEXPLORE.EXE
2788	IEXPLORE.EXE
2788	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2196 wrote to memory of 2788	2196	iexplore.exe	30
PID 2196 wrote to memory of 2788	2196	iexplore.exe	30
PID 2196 wrote to memory of 2788	2196	iexplore.exe	30
PID 2196 wrote to memory of 2788	2196	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\462845122205f48131dce282f65418ad_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2196
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2196 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2788

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2632df103ba64eeefe3ba88b42c1bfb7

SHA1
cc020f1581cf436e668fa1b6cac54c58706fe348

SHA256
8dded3f3dd4cd38b7d057b695d01ebf86d293903d384831d8445beba70bb3071

SHA512
dcc25fb2576a8018c218afd0a3dd4162d884a93adfa8c345202ba0fae757ebc33b8e0035a8688ddabd37e29bee296346c3d3cc900b03b3fbe45ca0d1eb5a8d0f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3b97291862a09a99b13e8ac7800e05eb

SHA1
230f88cb9cc31d4f5c7a33aaf8f4591f03b61ca5

SHA256
62a654ccaba14137a0006febc21138345c289d0e99f2a9f55ad4ba33f7e0356c

SHA512
777ca10c95d9a840c671226bfc6bdf1f04ba77262344db5512457308945510144d2a12765304409ffff664edf89e3551ddf6dd45a84a9c3257bc12341cf78eb1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1589dd0f2521418469b9d3b77df9348e

SHA1
15f3c984629f42add5fa510fff662127578d2887

SHA256
c0d09b1e7b867f9837c9f70ac7797c99605e8e72e11b873e478146df93cbf0d1

SHA512
9d0f6c55e230f1c1235fe14fe617a9f5ef84bde0d317d884f2481923a7ec06319109718c9120710c052a9dc2dcad372ac7a7b07689c5564deb46cda7da545aed

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
203860a3908be53cd9ae46d8347fd89f

SHA1
03113b72bff054829471352b23ea212caaac6aad

SHA256
48fe9b77ab1f978e5c160213cdfcbbeb802c9be9ddae2440af979ad5f5986793

SHA512
4ab110b2f78529b092ddc71ba7993f962b942ddf6080828aee9e80d247781aba5388c93a568c05b047c96bb0bc6280fb1078dfee32a3feef35c5ab7da25676d0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a8f7a89f8af86a8346021faf4a7eb749

SHA1
04b97f1deafc84b7ce56b0b94763a6ddec9bf056

SHA256
b8db5127623b4372ac9ae7f709e055a351c64a818374716a143afff194d76720

SHA512
bc8928c1bd13e24f003b42b77f8042f94a4c56ccafed6fb3f4925bb8cd5978a6c2c5d3434d7c748beee95d69b1a84e542d4aa99597e4e86ef49da6ece7ede5b3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
837015c49b062bfd5c728bb2a101be2a

SHA1
87883e0b324cb9c4e3bd370bef9332ac974bf88e

SHA256
f557609abc13136a7bca40cccccc252e499d83ffba803db1e7cce23274c96cc5

SHA512
99038ee31ba916ae3865b7e03508a13269ebce28578020f34a9e1bec61599589268c1d5af28e0990c1f8cf69d9f2c9e1282aa5ca53e89cedcc04c1c3d07d672b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a6eaa995a409f45403c05387d11d81aa

SHA1
f4f7b9252a45457bc9bb3249301c380485a40372

SHA256
4b02cc3bf4b6c4dcdbdc7d658686ea79ee5b0e699c1252d3576d32106eca0881

SHA512
06f7918cc0082f6fc27da791d0e43e2ab4c86b24be660fbcd19aca14e90f6fc86ad8b085ecc7fd2f94767acf5a571f8b810539181a3ab316e840719bab7813f8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
76201386d5ad9adc4ae7d2f556effe45

SHA1
365084ac03c2806b603ab2c9c45455ccf0fc7a17

SHA256
f5e38692c7e20a53d0429a4c160fcf1f83bc16adc29d939e575b09fdc4a64e2b

SHA512
7be95e18a834446c9483d2a1ec825d60af2a122aad98830d0053467db1e3230a558fa6c1d48554c4e30a435a3442ae0bffb8deaab19b076ee6309602f8770fce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6e90f139ad8d873a1a6d9758dfd0c0b9

SHA1
ef2ac778522b5263847ff813cdaa69940c68ce28

SHA256
8008dcd170d5e32299c31f8d3f8fd24c81fc360b1ea5826f160e4054c955b208

SHA512
d9dd7e4effaeeb2a558b0c0d08b340b2774d36b53511934d67987ac9cd1e8b1b970b7d2e916ebe3ab62452c3a9eff656d3d6d5eb37bdc4eb9754a056cb0295ab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c8d12cb81c839a612ef6c56c01c83a47

SHA1
167deaee317d0b8178631d97b8d244df693870f4

SHA256
218cb5a602bdcf8a7f3a6d49db8f87b7b198e43c1cf57f853e96e5dcd34f3a15

SHA512
7dff4a81ef60e20870597b24b3e75cdf2264376821a152878358484b195a7a15fdff03765ecb74c78af29e843748f7ee8daa238e19bffca1bdeb62f33027014c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5f7efe5e6546f4a662a17aa256c081bc

SHA1
cee17f7d34e92e20297400ca5b98dccdf17f36c3

SHA256
116554a2bfdf787d17426908df2f7e36b908a07c80fc9dcf7e1f3d4ca8abde7e

SHA512
3847d3826c410a57017e04aad4761c46cb8822adb0eec5ba9184534abf684b967cff328f8ef8d5debf34d0574036c20930ff1069554b78a0290df2da606eedbd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6e302212321f920eeb0f32aa1c789217

SHA1
5a83b78820065ccc2f327c94403eede5f000f0de

SHA256
548435eccff5b676cec1b95c2febc7f48212c4a0d3cc3daff80e72f4817e2fb4

SHA512
8a04b4aa88f8af81d7b13624b2d2d44fd3ece16eef41d03fab075629b887c279fccac51b8cea5b56b5879d1649acbdad0c97cad929331926aa39fc469c77a292

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d46e9b593c4992906710d3686981150a

SHA1
802cae5c77f56e01996e476cb8c664e0cbfecbfc

SHA256
cfd43eaab678c633144baa591574597df7e4653fd7e31831ec19b7357a0bd18f

SHA512
bf45c84c71cc78d6a6b9d9fbcd520f1175722eb71e3782b3a7b1a060efbbf5887fd78539ce7c8355b1dfd1dbb9a97dea1f4d860d4b1ce2ee0200dd650596577b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
60c78ea3a4866192cd7aa8bbbde5f055

SHA1
0816eeff260fcc9bef74f27a9fe5ceb5af4f1c63

SHA256
347281a323b2f577194ebbd3b290f6cc6ac40fc242346b3bdc93ae95169a5799

SHA512
aa912b6122d4551bb234bae43f1e0d55bc263d67f99888ade92062050bfed0612751dc9772130fee10aae6d7cdfa30e074bc3f8015a57aafc680db2ee218ac2a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fc6482163e375f5f06305ca7d62f0721

SHA1
62228dfde580d3942f0fa49dbafe220be7a32fb1

SHA256
d1421a64f25329995adcc0b5696a44f28f3d97326ae489e6b2254ab59fffa8e7

SHA512
3ac0f26a13afcf4f7a64416dda850712e711f8f6d772dc4de766811e3fa708ceb1c51d2b5a8cd003e79f006e02d8d7477cabc33f2c34bc74bd4b2feede4e296b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
37253951bd2b6fdcff9d19c9b5b476c3

SHA1
596aed78192c044d25bda43237fca024230edf14

SHA256
c891bff63458eb6069e267de14806cb5491826711b58ff70aaceea17c8b74a5b

SHA512
b3792d8062a654ee4466c6e073bcd7bc8171ba2273da2a104d205097049b73ec7a09b6a1cbf5c4fe07b70edc510197af990e2e8b83473f3e56a5a56a27c96a52

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7e673dd7101e15e63097984e1d0793c1

SHA1
d6da94384023d40a4eee4b1df6743fceb18e87fc

SHA256
bab1062d6ace451ed36f04ce104fc12d13e89c9bcd917415c2925b4fe0ea3bcf

SHA512
1a2c951518ef49a75a30f8b93bb0615f1948f66546652fcd2a164010278473c30a593cd4c08b543e2ce7ab99f3060d19fd1b39ff8674c41f1a797fb1e4014c24

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab5D10.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar5DC0.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit