2c9cd705efb29429314b9e1b6bf6ca4eb4f3ec3b3de3f55c9587e10681bd7404

Analysis

max time kernel
143s
max time network
146s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
14-07-2024 18:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

46f072782a22c1578d3ef5a81580f131_JaffaCakes118.html
Size

91KB
MD5

46f072782a22c1578d3ef5a81580f131
SHA1

d99c3f2322218e771463fa36f163e54d98d0cf9c
SHA256

2c9cd705efb29429314b9e1b6bf6ca4eb4f3ec3b3de3f55c9587e10681bd7404
SHA512

6b4102cf349c31ce36e496dec729fa8477a42198908971f72d440c6b0bcffaaa8f5991a2e85e179a5376ec45a095f0a7122ba49633ef2669cdd286b028d487cb
SSDEEP

1536:pbMjw2fMk1D3O9Pj2fcnjjHAbkTLcMiLcZX2WEip:sseeLUS

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000082ebb0b9d6f3f0458e93e15bd38f268f00000000020000000000106600000001000020000000109e57c9744df0f3bd0cbb20af1d29a44dacb5e6807f5af9cb6d52f16796afd7000000000e80000000020000200000003c99326d346ebc7cbe897551e8db67588ee7be832d73a7f9ce627ffa0c01a6002000000028d770bf8892a97569109a87d8963cdcd1ce88cedc60361be96f035c9b24c6794000000028e9de6e3c7e58ad019031992d271ee13e4eb0f21ded3bd1127d6e2c1bddb2f925ffc983cd87ae8f4282a9a277a657913501ee278ca41dae1fe012c0bcc9bc61	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80caf75519d6da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "427142518"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000082ebb0b9d6f3f0458e93e15bd38f268f00000000020000000000106600000001000020000000525f081238810f133a16d756fcfb529eca29b73d36779f36e46e89dc53eca0f3000000000e8000000002000020000000f039aceff2982e62a72385fcf20860604fc625dff8440255deee27e877ae8331900000008467ddf563bfb6afea56df5f321a91ef2e6a028b830673014ed17bb653df4cdfa6cef8da2976f0290d1091f9dc56683a4d1f329ffe7f2c2c6a0318c2caa568823a403bffe85f17e40fd912286a3e98b1567c38b9c6634522662571c7a42bda630df836246f19dd16456583118d649c84d9f3a22e18991b03939df1606d12329ecdee1c0cd0a6fa5cd4b2826422ce163540000000ac0ff2d3cff44ae08e761bdc3377ec5352217690275d359cab7d6a1197c553403ba6456de2b4d8c65d2eb950abbeacf77a286d4002db990bfa0dec2eb86d7c74	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{66CE2751-420C-11EF-8912-C644C3EA32BD} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2376	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2376	iexplore.exe
2376	iexplore.exe
2092	IEXPLORE.EXE
2092	IEXPLORE.EXE
2092	IEXPLORE.EXE
2092	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2376 wrote to memory of 2092	2376	iexplore.exe	30
PID 2376 wrote to memory of 2092	2376	iexplore.exe	30
PID 2376 wrote to memory of 2092	2376	iexplore.exe	30
PID 2376 wrote to memory of 2092	2376	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\46f072782a22c1578d3ef5a81580f131_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2376
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2376 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2092

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5419c369a62a956a0df03e9d54b55044

SHA1
58b524b0baf8dfabaa50b60338c43ada99a825da

SHA256
b55403e103ecbf6ccdfd62271ad0793432caa2f947c58d86d8271d08c474953f

SHA512
f7b37ca50719768af90f1bb5824f0ce7ca3845a47c439f9c1a7e2961bcc392ff1c174328ede8e36d4f0a2ca2ec828019b43d82ef682a69ef17ac0156732a53a3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2e10370e5737a0e0d3087d1ce96001cc

SHA1
d990827426cabc7d70ad023a53672cfad3d0d1e3

SHA256
8815421ad8c989f38ac17796b3875b61c4db276dbcbedb542846df42e0f9d5ae

SHA512
f44c108901f56a8c880a7a7ba572d356d48b05f18a303b2c2d0b02b4e66439e3b841ecae9d3767647d25993a372794f97ae8399bb60671caf77ccc9a5c07aa68

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7cf221401a3746ef275cb5972134d8dd

SHA1
f6724066a4d672c0a2b5ab11ab8c21966a14b3eb

SHA256
75bcf0707af58e0f7a79243c443c15a13bdaab2dea3bb562b706c44e5ee71ec5

SHA512
60844240ef4f2f5932bafccd6fd8032d0dcea7a4a2a7d85b0159f0ad644c0baad6d087845c790471d5ecb9f881014a2c540ada2393dc8fc7830264babc075f77

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c0218a6ada87fb62af9a33229584ad53

SHA1
c64a96947805ad37ac8de998c699e2452fddb179

SHA256
5279828079176799bbf4dcba7c62d3597614cec2fee4731395aabe0305062bf0

SHA512
fb1e677353d7442be1ded787843a983a8c2ca96dee9c99ae25b05390a90250615fb310c259ef8dd07cd650a6df2783826dcca1730712f2b72d38c579d4be13f3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cc64e905a4f3f6fb5122c9c99801a134

SHA1
74bc6d3a9f5c14a5a1090fc5c809bb4549b0a8e7

SHA256
95bc5d6edd0755d1f3f3563092c6eee2a567327b0ce5fea518faa3f081e39041

SHA512
54fcd2072e363565e2228c2dddc7635fed2385e796e783c102713e006ede1c0d5dd2c2c6604147198af469d1d7e463f68b21f34ba1ab1ce2408315ab43e6fc4c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e3874fd4b935f31e986046517783a7c2

SHA1
bc9ea950ab990e89e5c64813e83c9fe0696b41a7

SHA256
7e014089cee265b959159dff5c28bf9ee86201e9ad93de825ddcba00f67f4076

SHA512
1ea5be78b6ffa5f5735cb168196bc29c89aa59f2369c467df06bade830a0ad8e5f831c49e4efbb6efa8b1a2556c669eb3727699c791f8be8f9a3a4f90cbe8e22

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
01e2dc555af41ac4e1e71d73f7f8e67e

SHA1
0696f6bee320d28d79d277af7f024c907a782389

SHA256
15a2a9fd2b79ec66f0f353e3d5c83fec010224a314b7acd7d86d276f1ee7057a

SHA512
28df66102e038de0463bd9244d8b3743741a4909b73df0b5a69d7a84a0f203c1fd072f553bac241a1c23abb0e9a51dd01365271cf9357a3e31abe062ff132bd0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5bd278bbb5319ecfe48ab9cab9d3cf5f

SHA1
f187ad3be1f56ce3d16fc84ce666ac86c87aaaab

SHA256
6399bc5d6d8b1987923a52c106a1c841d250687279a5e149cbcfb73a6b17bccf

SHA512
9d95c3b315a641fe84c69eebed866da449ea2c510dce212c28f21dd6167e673166c645543bc5037a8cd24a164f75db7cf8d5dc874087c51513462baa0fd6ef75

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
28ebb602b18d2cb989629cc55c9446fe

SHA1
553ea3b3a9d65b360e30d1212b381d948f8e43fb

SHA256
acf9c15fb0c3e2867544b48953b6ba27b47c8502548564a0f0054d2c37464aef

SHA512
c709d08fb0ce640ed3d056b4cd4374dd7f7e81cecff7cd8d39721731104b9396d37f8f3395f02431545e8a2ad32ed9030e2932f5757a91045b0fbe718818bbf6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d56a14dcde4d9815484ecc698931db23

SHA1
3a7e4e53884db3fc9cafdb93ed1b6fab4fd98ba3

SHA256
b2f53b6f51d4dc9b472db1011ab3e088693d811513c81f1da75ad55b381e69ce

SHA512
50b7e3a2f07db9411e83898c88a4c44e49142a0c29d08c6d943c4538dc19f75225d1eb4c83bb6add1fca4cfdbc845f87e11197eec730ae437e3475c1ab9a3a20

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f9a4f5f345f97c4243f09708ece41818

SHA1
ac9f41cf602d80c1a7dfc5fd2c39dc8849c12d68

SHA256
37dcaacbfb50d0e35b9e8c1b9a1e32d7a206ad08c158f3a37f653a1e29e593b0

SHA512
bb8c9fe3165f4e12c8590b4158782348a9af46db8e157637d0d7bd7835a48c2d62dc7a5fcb2209449472e3e9eb4ce25e06f1e39471099443b9c8f3bde642908e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
da073ee9c6b86915751c89081ee030ae

SHA1
ab5529ba473487316f533e1cce4bccc3b6fb8a37

SHA256
d28322b16033cdab9d9a6bd73844530517d0543423dcd23ab819089ffa72242e

SHA512
fa1714f9134f967349b195319606468c8037aad453fa7dd82d6a1017dcfc5d1a38d43476c72a0584b875778d5fe561f19fce8e5f220cb5189a03bb500a571f07

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8d383ab7b993d1f5c59b21dbc83bf64e

SHA1
8f08eae55c19c26edb1452369772b77be29d124f

SHA256
b1584001bdfe9ad0391bf2b0d4d78a04c989983f084cb3e0333165c5d3a0cb83

SHA512
44dd30a42823859e4ddb120bdda0cc6127db696d24163a1c98c07d476f1b9f3ddb9e8fbb85a839be68d143dcddb5a768f76010c3faf020e77d631096d6a805b2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9ad6f59e9a8b906b5f57ab0da85b92cd

SHA1
7d668dbd5070d1a95bb922cd7219adcf7282ffea

SHA256
5e108f588a10050a3ecdaa9270bf22a4da19f8ab7cd9fe71fa4a3d545288bd89

SHA512
119a69cb0889c07844403779c816c896c9630cd1043ccc52e441ce1606f8329aa7b2db3858f17e5f99214a20783507255b240b824f1b790a28a8847f76eb19e3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7de3ae503885eab177be2c11fb4f1bf4

SHA1
8e2afc57efd6a990713ae5f9d8a1b3189e55f703

SHA256
46971083192615430977f59796fbc53248430e700a607aaa1ae1dba04433bd03

SHA512
a439332e3c408d87f858ce5345744b232d8c9d4f51811d5f22445dae00a3f1120d36fd55a48337c4b2c7cecabf56e2e762f5ee808563e066af1a56a0de6205b5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9565615e5f4ed763b27f46cd5b4bde82

SHA1
9a907530a605ca3059419c94fa3b88a3312ffc67

SHA256
0cdf50bb5bfb49fec574ac5cced268ff2a5de2658dc8551d32af8d046a00b831

SHA512
be18811aed7839d3f3d305e4baea1620fcb0a5d1aeff3c0e29c3f4733288131f7408b05d0d6926909c69689904e76e5a561d2fb621accecbb796026ccdc093c1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bf7265a715261d8297d177d7eeee1c1d

SHA1
54c43ad6827d610148a82805fd1e8d5d680e4258

SHA256
5a33954ffcae04b84a96cb5e306e98173c420c52789eb78ed78ab30f6da874b9

SHA512
345b345f3250c2ed265b919cb8e742002bf06e4d17c89af0043c5b0461430bbff5610c7e09463be15245ef8bb233f27e202e0f3720c6c48f48e2b0dac72b1cf3

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabCCF2.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarCD91.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit