2e4b2ecd987e2b1e8fbe71ffc28da2650feac2b5a7ed4ab313f38e21b85808a4

Analysis

max time kernel
145s
max time network
151s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
15/07/2024, 00:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

478437e8dd2332d6975c04d551d362aa_JaffaCakes118.html
Size

57KB
MD5

478437e8dd2332d6975c04d551d362aa
SHA1

e48f971780de0260e33f266e6dafbe33a2770b1a
SHA256

2e4b2ecd987e2b1e8fbe71ffc28da2650feac2b5a7ed4ab313f38e21b85808a4
SHA512

73cfd87cad706f1949826a094aae5369bb9f59a038ffd9d4f0ccb0c76e9e90ff782ea80346ef02e7327bc5bf4d232f2a0f58d5108b3d80140bd487122dbe33bb
SSDEEP

1536:ijEQvK8OPHdVgwo2vgyHJv0owbd6zKD6CDK2RVroHMwpDK2RVy:ijnOPHdVe2vgyHJutDK2RVroHMwpDK2m

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bb7c5835718279428690b074aa627b70000000000200000000001066000000010000200000008be8c9cbd863bdd88832e7ec33156ff33784423cb1e693934989672c9223ccc7000000000e8000000002000020000000b559d7dbae91daf3f8096cd2bb81aa9771ffcaffda6f7e725946045c03afa5e190000000e64bfe469abcc7f77fb8bdb034d491d7ebfc5e7658a43f86fd0baff1f9fb7176e6722a8db9feae72cd2e7c4e9a05931334cc8fae8badea9dbcf39199cc14c75e2d5ca3baa91613851d3807f4934ec86067c9d70e1578f7cdd7a7904b7a9749f2a353fbdd6cbe6be62655f3c0cba53d47da5ac371f65723ce8f4f59a23bd989a2d5701322f92e7536308da82b8e704d8d40000000c71fc47254a7336a7b98b0fb9ba96b5a05ef1a15cfecec0b49afc83be573a2b98f14a74f32cce999f1f3a267b55f73a45ea1c02fba6adcaa7692507959c719d2	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bb7c5835718279428690b074aa627b70000000000200000000001066000000010000200000007b603521e75a01791ca69634c9e5063ef08c31ba1beb5fe4c9b39cef7f6dce77000000000e80000000020000200000007223d23fbfca4c285cf8d8633b17b3991f113d6fb62eacbb8dbe5ece726bf61a2000000050f059551e6803ef05c2fa4d813d10709fa3b08576539fd1e81c3d15d857c178400000001e1b118a039c884956f524b841045a2b56d384518142235d899dc14c89e3e7358b839db4ca82ae391a12cfa6aa636cc45dd83a26d2beb27850694f101f983009	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e06ab43d51d6da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{5D3C7FB1-4244-11EF-BD32-F6C828CC4EA3} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "427166557"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3024	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
3024	iexplore.exe
3024	iexplore.exe
1276	IEXPLORE.EXE
1276	IEXPLORE.EXE
1276	IEXPLORE.EXE
1276	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3024 wrote to memory of 1276	3024	iexplore.exe	30
PID 3024 wrote to memory of 1276	3024	iexplore.exe	30
PID 3024 wrote to memory of 1276	3024	iexplore.exe	30
PID 3024 wrote to memory of 1276	3024	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\478437e8dd2332d6975c04d551d362aa_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3024
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3024 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1276

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

Filesize
230B

MD5
8d237351c0c1851aee6897d32b8bbc1d

SHA1
e185356e96c8e2893e600819d59b438a6cda639b

SHA256
389b4c4996df029f8e1223179ab9c1a14d2597d2a6724fcf5cfc080b60f0cf16

SHA512
8137a332a538dced2595b7f92fa7af5edb496c2f846cca1ce01db6dbb2f87e8611b5ce0eedd60ce2391539dacf2eb0b503528d1b61ff13c4bed383f9fcab502c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
303ed62ad0ffbc44636e48f6096811a0

SHA1
4160df37b8b576eedbd1599ac123483a71eb3f4e

SHA256
f234fd2af7570382fbaf9f70c9e7e90c00348f6f5ada22ad91f6a7411908dd99

SHA512
9929e396df7393778a53b321d5af844dc4ac45f704c4d80c996e362d5502baec7aaac0d111250bae3e72bf8619ae1957514e0f056c46ed7a7ffbca7c92488cee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0c7e1c0271add0bb6ccb2de9b081d6ee

SHA1
9c07c24b972df0692abacb30cedc253983ebcd48

SHA256
acb9695fc914b9fb3034ab9e569f20bba695231981e5597762bcc5a1b54c8810

SHA512
2352f23acd3c200ee03fd27b3aab3adfae5e96cbea3502e50027548ac720a792a31559ceb4e28a7df3f808fddd89daf219e0039e58c01c497f9246fc7d6c2d77

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9333b9e32900fe5a652e50329a3503a1

SHA1
27b80dd9d07f9d71813b2feee78495bc2253ee7e

SHA256
2f158779713ce95f962b1ddcb4f486cc95d3e738122e04735fd9e0ed84486481

SHA512
814b04966dad99985f86098269162b288860cce7a5190742d85af7ab5825e26f0b938a6ef5923f544b780492473d51835ef06a9319961b2467cb0bfff7c05777

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2514e096905ef34211ba0ec1cbd27e04

SHA1
5d88a8d9711250aa87454626c4527a7230f8c055

SHA256
40a1f28c82dfb31e335258d3c0dc540885df862a97b740cd2a41fa30f4e994db

SHA512
d29c459350ad0639f18f8e4c6427f748fc1ec3340c6b8ed7a1dd2fe9dcf9f43be2ddd6a2b5addcae195c2edcf545663fb44a14e7fc80340b287b2bb65eb05415

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
73d8c32be9ad0442fb66f222b8a17c27

SHA1
7fdc02a7b44fc2a16aa1a67a0dec6a620410d226

SHA256
75f6f6da4cdce3e19002c96bc90b65f4fc535b7948d44339399ea3fd0a6b0fdf

SHA512
437ad33bce783880771b2f6e268a4e1d77f6f4435a261c23492e418d806471e3cd67a4378d3aef19e70c790dc17348397578a3689bb44865d8f57ec0e9a02b14

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f0eeddf5cde68721bb9dde15e355e28a

SHA1
72893b1f5a5b9957e14116278c945ea9794d2584

SHA256
f43e74c75186a62b68994b47207493daa4adbec3c40acc92563aa871d5452ee1

SHA512
a1a1a2817dfae74bb4635adfaa3b1dde649179d19c4186deb53f74fc045422b4d0cb2267b9deda2d15baefd248d30aaec29eb66186e5711182fd6a8df1cd370d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c9d4e74daab5693470e937e20d307a7b

SHA1
165ebc0eb246ab41d4d14cac5742aea2956f81c5

SHA256
c731621e233ffad5ec3834b72de6d541879f664f371115373cf6258420b4eb51

SHA512
26802bf87d14c80b2ca101f91b8af11d88c556f0a82e6eb690dfc684bc79b8a59a639c4a068b339bf6365b234ab050e48155377cf02e3ec964e782ccbb27860e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d70d72db349c249b9ed80ec921072eff

SHA1
c82e307ae0e0e8171e91a507a7d3f9d0aacd4614

SHA256
50f84ec9f79a72d3e4a6b9ec65a2aa7b50e91abf766c14b797e255bc342f45be

SHA512
20643e1ab859a6fbe0b9e9d2daeba7b1c0f7828b1dd0e49c9001fd9f7ddfd65257594253407f39bb67d6be8607666d10cad4113e661f360332ff987353efd845

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7a29d41a1f11a7b6356b0b3d47bbebbd

SHA1
c39c6acbbc02cd38d9f098f51fe6d847942ff6b9

SHA256
150495e2d04b7f7787886ae077296bedb141173ee91c0fbe9c9d878f1ce32e59

SHA512
0897cdc018e23fe997c449ddf59ef9647fc1dc57f2466ecb499246106c375b0e5264d63a4b315e70c92e0b55c8a9718f0c4a684a0deec7c8e2df6ae7b130aa63

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9fce5b503becea6dbd897595eb4a087f

SHA1
39fbfcdd38dffa3b57ca60cfad35347b01c1872b

SHA256
e2a410d955ca192caac3f07f74a5a52f099f0a63b6f892f4b111f84c89b79d50

SHA512
b6b1280762ff45615b2b53969c062def37a249edca270a727a075fb23a8e4981297918f86e42f8b5ae012a679592355f9e0b1f35e04eb9853655ece7b2b0f35b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
89155ba3d5119ad9499f2ed4ffa71add

SHA1
9f71ef54e14a571b243c32f358e72f04184f44bf

SHA256
c4d43781d51bcd9f7919ec54af70cc2490b0bb3985783a87b7c575e1694eecf0

SHA512
846ad469747c412e6847289279af6742859666aa469553f63c71ec3faae542cf138aa066a7e988eb8cc097d8af50074dda2aa6b8f809e82b1998a747b9415911

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
919f3d6af08c7bf7df2eaa95757a6497

SHA1
200766a37994035ddc0fb3c55e080bf6291f68e9

SHA256
984cbaae3d2e6ee7a9a0979dee737dab8c62fb1a7d4ea44365cb5c876872a69d

SHA512
46b67d25e76abbd1abbbe07324624a91001f92323089302276d853361dc33cd35e3a7f835a735b14281cfa31527d3beb75b7e6c44aae91a7a8994e89d22202be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NFAY0EOS\f[1].txt

Filesize
40KB

MD5
ec2abd07a1a495f5e68fc7897ea47b13

SHA1
bd8296765151f3082deba8ce9b6cc943c23b476a

SHA256
78bd6e0ea7109d522b5c68526390fe9b5593ad2cb828f493f2ee2d51da6e4952

SHA512
1b443a4c18fab626fb864a7f0518f9798f6361246a7a700435653366bf4afa55c82a6682c4f07ca6f49e294b6fd579a3ce156a462b1ad0d03469a5b4e6c6fa96

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabB55D.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarB59E.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit