bbe10c024db565e3ac6d331f7cd2ac14b50eff725383cf4eb326cf91d910e35c

Analysis

max time kernel
134s
max time network
128s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
15-07-2024 05:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

48564f8cc1f0422cc5de6165e5b7f4d8_JaffaCakes118.html
Size

66KB
MD5

48564f8cc1f0422cc5de6165e5b7f4d8
SHA1

2f6cc6c23d723b6ba947ce9c83d3cf60ab15de94
SHA256

bbe10c024db565e3ac6d331f7cd2ac14b50eff725383cf4eb326cf91d910e35c
SHA512

47ac21eef1dcc67b28333750f37826da4e18da30f6fc048e2f080347e9bfa7c0df9bda03bb1ac0cb6f49cfd6a5a2d7494821a3eca1735c1b852876271403f25c
SSDEEP

1536:8ebEyUq+C+Tfb/T9LaG9aQyTLa7Oc5AIn+cPTN1u8Vh:uq+Ccf7TT9aQOLa7Oc5AIZTFh

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{AEC1E4B1-4267-11EF-B7ED-52723B22090D} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a012488374d6da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000082ebb0b9d6f3f0458e93e15bd38f268f0000000002000000000010660000000100002000000084d73803a8692c8547dacd8d94e3160c260e22a5eac9cffddab5326a5c281800000000000e8000000002000020000000e2c9dd630d2003db089b10190d28d1cd26e1e54052b8f02a8f6456f0865eac1b200000005371aa63db10f58b7b669b0715c9d8eed1e2cd26d691b6d54ccf05ea42f40d7340000000358ad960acdb7fc7adb4c6badca21d59174bd05c871b3a48dd475301634f17bbb7139a8e4b16d680dfd5c4084c25f382a003ba1a3329f0f067b8f83fbe1cd31b	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000082ebb0b9d6f3f0458e93e15bd38f268f00000000020000000000106600000001000020000000d4102b9eab04d5841710bab1efe700cd068a1316fb0922805a6f8cd5b17d7581000000000e8000000002000020000000782a9a4cfa7a7c750fd3c6e5e4bf268f40d6f33ab10efb0dbefe280f415ae6619000000035650a1af487468fcd697ec90fee6de7148942ab0d1cfc99a80e2a85c85fddb81f90c2611719ce639ecc8865a7dd8cbfa2e73bb2d1e796e595d6328a6da58c59d3e2a90355a7a4c7d42138884d2fce392ffced110bbeb86f0d6c57963eb5bd2266a3b0797bcb43f54791bade7ce266fc61463c8edecc9ae2295aa9c9b38a03207e38d749ed61260c2738fc67b3e36d2140000000f34eef05b1532e67793586b9f17af71c4d32e9dc1794b55d39edddd33965c0ecc0e19a37573b3b3485ea684e49f162d4cf15514634a18960a624360b4022735b	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "427181723"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1792	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1792	iexplore.exe
1792	iexplore.exe
2716	IEXPLORE.EXE
2716	IEXPLORE.EXE
2716	IEXPLORE.EXE
2716	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1792 wrote to memory of 2716	1792	iexplore.exe	31
PID 1792 wrote to memory of 2716	1792	iexplore.exe	31
PID 1792 wrote to memory of 2716	1792	iexplore.exe	31
PID 1792 wrote to memory of 2716	1792	iexplore.exe	31

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\48564f8cc1f0422cc5de6165e5b7f4d8_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1792
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1792 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2716

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9e39efc96a6b2d73c9835079775e6a70

SHA1
287d021d10425d5823acb0335b64752ce268908c

SHA256
fef7d80c0f751b86c04b6373bfd0d6e7662a600b192f449da197b996aab06af3

SHA512
b3e56a87ec9e00494e9625f53038913ad4a0168f4866cb7ffbeef34929db37912ac9a80f83dc3fcca44a3d278d6738f6ec442152277517be991acb1e0a051d13

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
34137a751303c20f044d1651965452bf

SHA1
575fb340c61538448d71e50c74fb32d76c1e0071

SHA256
c4ffb3395b08361572912f574e9f30fe045af5f747deef4aee0abc3b213e5c45

SHA512
0688b6fd71cbe417e362cb6718d5a0e08c12ac561b4102bb21e679f9cd7c24d78d7f3db1fb93a78e4d46523572003ae03051ecf3ec5ce466955ba6fd2abe8dfc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a4f9b161192a628eaad6b156c3bd53fa

SHA1
4231a6d27e0378195160b2f77689b7da75d177b3

SHA256
68d9f5c62f3de41a6666b79264a2e9a09449a8064aa86ec63965e63f41856e4a

SHA512
9b685d5b98cbf092d57614937f9d87e70bbae20b443df3116b82cb917879edf2f99ee8b642e4299979211c75d33f79eb4154e883f2ce87887b93ce7717eefe42

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e516689159c6f7798272aadac4d45b39

SHA1
e0522fed26eab0d350578174a01c09696f23c346

SHA256
038d078765d2ff1935b84f9371b785e52d111e954b34eb28c7c88b0be77072de

SHA512
7c4ec37c4dc637f31b221aee04518ebc6e26906b05b9f2f3de8223b10ab6b8b3f1021f668291349b0392a3f08a42209214d5f85186dbf21e3ce25a1b01b8cbe1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
36be96741eb9ec44b354a38914d0983b

SHA1
4eea558fe6ebea79a8c27ef2ababe9b30b5b3f44

SHA256
a1183ede908f08cfa8c364687b542533560becc2848ed38c0f87f957c045d69f

SHA512
82a7e10d5aba847c1525280e2eaee9e0a8b8784e5d51e5f4dbbc582e6beac173608fa0c17217a0db583fafeb7ab8daa818ba0b97f44a0889c0e65087ab66a456

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ade1b03d00b5f51cd1bef9c9835446d0

SHA1
b0fdaaa8d143f7fc7028ff7cfe013df14066c34e

SHA256
39455380c1bec0494cd50541ccc5d7bbe4001af9c3187597230e2a236f3dbdac

SHA512
690677f0b59861086058e87475511140b3bede59a3518615c9220cf58983fd00ab0472877a1bcb343b3fca5c61a4c54cbfea0e9f37064c138995b9d138d38377

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
81275d8cdf549da0ce72952c1da4a968

SHA1
919966e8f7c9cfdacb19be834bb8d6d15065992e

SHA256
dbbf83847ed3aaa7f5738d47d2894180ae73bdcdbc1439bf56af6c677e750187

SHA512
4fd3fde4ae47156741f3fff54e1005aa4f61847b76617ce4fd51d4021432e64683709220a5f0727be893e49ae8912ad7dd4d7dfdd262b5ae6debb07515731892

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f22978d72ea059f749dc3c3a1508b520

SHA1
d9116ef2757a60cf7656cd41e5b0b75fe622271d

SHA256
aae66181f4004037f124d07c1d0ec61b2bc055ae3f7e3fe0f68050630761aa2a

SHA512
f979bc2578bc3ad4fccc6c4b9befe7f315da2fd145d90a96f3c99134f922cbe802de2ccad5195effc67abcc2b15042ad5d056d4e202f0cb30b1adbb58193b889

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5cde07e02ce83ac206d7e36944993069

SHA1
7d5c3aee8599174bff19c4d43c18958d6862aa41

SHA256
b9d816f3dd216fba2d96c31c42403cf1164d309e14c47ebd49b23edce0ace662

SHA512
051671d8795618292293e62cce8491d1de36b378db7bc83dc522cd78cd93c30846e88f4622eb6427222e0ec4e7ec8876d32ec57f8392a3eae52c409f4b5cfe62

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2c20cd82678430dec2739318a4e0f3c7

SHA1
b47ba4176137cfc13ffb94c8ff81eba58e9b240a

SHA256
0b519523af78ca850a83e5b09bf3a6f463059af5808e3c56eb24963328b53aeb

SHA512
ad5cdc0bbacb514721d55503cde3ea1ea17e61722925509556e23c821620ff09065bc252692008e8bab2d8a075a6e7d851971e7ed0f6b8bff4af1c2cb1cd91d2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
701e67ce609cb0545b5b236a309f5e8f

SHA1
b5adfd35e23e22ada13aa8f0e64004331228934f

SHA256
613056c628ab95fb75d5980c8ee26d43e2026741f1506f79f0daed1bbdcfb66a

SHA512
fb6917efa9bb41eb76959e82c01356ea41f22a24497bb82359c9182e467f015f42b9bea400748de760e088d3830c483e259106a059d6b961d0fa070aaafd4edd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ad08506b25ed309e46d449ede4e04a4a

SHA1
9063055e03dcbf85d83292e603ef107ab5fcc5a3

SHA256
0dca2dca0010c78ef486fffd06cda4617f0b120ff945e124498c9ee700f5eada

SHA512
528c5f3ad6a96e85598bd9584b4da984cff5a18bf0ec215da013d94573925e24bb3c4f2dac18dccb538d6ca6f59e2b261f451e3acfd438ec4024ab9ef9bd1b50

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
68d09561fcb312efc6dff0aedbca6dcc

SHA1
17efb928dff384f6b23e198c2d53b2e90fe052b1

SHA256
9a373473ad3b787056bbe20aacc626d7da0057990701850ad3e684bb902ad4b5

SHA512
e321c92240cbdf2d7b4843334447f86f9378fcae24ef40367e3e7c9a7ed7a45ce355fa18c9c9576c107d453246bfdb42d590ed23a61966c7e7a955d93e656aa9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4674c6959a9ba09f619f28953890f1b1

SHA1
147ddb5e2d1901929dc4609a180c7975a76c40d7

SHA256
c774dd08acb16d2f7989399b4a2e68802530982eb870b55b25ba8048864678ff

SHA512
70ae6cf33b5878b445f291738f5d8af6888be611ddae8fd1d76df4f53f05058f923011615f213eafa364be7349b3621164ea693f8757dd20859cb15478cac1e2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f52bdb71ec4efa23a0ba98848986aadb

SHA1
20af3aafe50552b236d22dc9259c482b628899c0

SHA256
c9574ea143239b5542bef088a5fb5b36df50e8632cbf894006895dda2b7efe95

SHA512
fd11029529f714a1e932a4534fbbd1977094865e880b32ae8daff601416a673060cd994fd8e8346acaa8977abe043ecfa760ed11cac6f32038a7118485de3d16

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabFE10.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarFEB0.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit