847c48fa8c32ba5dfd8c2c69bf65ce2d6e11927f0e7a466d1ef957d0e94c9c25

Analysis

max time kernel
118s
max time network
144s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
16/07/2024, 06:54

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

4d3b51ef79179233856d53720709fe01_JaffaCakes118.html
Size

9KB
MD5

4d3b51ef79179233856d53720709fe01
SHA1

77d192c0b72bd50d594ae1920144898c67b02ac0
SHA256

847c48fa8c32ba5dfd8c2c69bf65ce2d6e11927f0e7a466d1ef957d0e94c9c25
SHA512

b8f95be3a0c3355485174a0a2731d462a4961641d87dcf5c8045908690034a680e6460c4502d520b2b189ce2e593ea66ee5540dbcb13150416d733a73cd7975b
SSDEEP

96:uzVs+ux703vLLY1k9o84d12ef7CSTU3wzfJi2NF+KyhgV+Uhdphb+h8cqkOJfmeP:csz703vAYS/uxN6pcvqwEgb76f

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000043174f1aa2314a47aa677ebd5ad1f6c700000000020000000000106600000001000020000000229b23584a1b759ac23dea93c42007d96b8f027ab0c6bf856bda532be4773143000000000e8000000002000020000000f64a1cea15b64395f94aa05b15d5201bf898a03ceb541ff79757ce66bc68b7d690000000a5fb4c86769c320de2f007e1a7d649e9f7312f74b858ac781b1a4f35f404cc7881bea9f432dbdfe02fccb84974b6f71a3000edbd4eaa65cd5d635019185f8ab38edd53db2907a2c3b2f3ab627401b1c1615590113cbff011a722f7cb297198f25fa1a46b23d70e1ee9159e28b53432b81cbe2a48b78101d6de9e436a10791213309c6d6b82fb6626fe989ad1529ddf5140000000e49b4def3eb40f3b8e9783d0e7837caaf3213f2e916e0c7a2fbc9aca5508d67dc66efdc050632781d1ca36117715ca9b6f8e73c3de9d52f53862d3ac85c4b172	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000043174f1aa2314a47aa677ebd5ad1f6c70000000002000000000010660000000100002000000064fa7f88eda0cb6d273ad04dadbed029b8c9bb4c5b22d63f72776acac7a9e9ac000000000e800000000200002000000064d032d05672f710b49c991fd64e8c0e836a10b10afe1f580f13071cc129eb06200000003ad8c5da7bee463d5b6a0dde38dceceddbb50b053d448d701abfe5c497c876b140000000845a8cc4f1336f2d58d4a45da1c993ce144eaa80926865f14969df4060a47f79e5f510323011c81015d3380b8def5e64074a78b763bfbbe8a57ff6583a11ac0b	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "427274775"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b0070b234dd7da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4BEF8111-4340-11EF-BF59-526249468C57} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1668	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1668	iexplore.exe
1668	iexplore.exe
804	IEXPLORE.EXE
804	IEXPLORE.EXE
804	IEXPLORE.EXE
804	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1668 wrote to memory of 804	1668	iexplore.exe	30
PID 1668 wrote to memory of 804	1668	iexplore.exe	30
PID 1668 wrote to memory of 804	1668	iexplore.exe	30
PID 1668 wrote to memory of 804	1668	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\4d3b51ef79179233856d53720709fe01_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1668
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1668 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:804

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
12db1e5e3e5b0c08d89eaa4ecfb54707

SHA1
90291e68644544f7c286a702a97d73ece7f7cdcd

SHA256
362005c0dde4402923a7535daf0b11e623bfec23dc2f638811cb1b0c6b4492c4

SHA512
5ccf39a7d8cb7ed0fc37093c69c378dc99055695e9c203221c3d9070097aca1dc01cb62efa0abd42ced9473d8dccf2cb61a83ccd79aa043e799550e581108aac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9c50d545947de65cbc14788acb1c7a47

SHA1
91860315f9f28b76eea688ae0326fba3500e1302

SHA256
16e47ca86b2852f213d2bb9db73ccf217905060076b23c4e428ffd7699e2d9db

SHA512
95281d2dde499a26d05a3cef44e81715bd1c87f1d3831460ed64a0dcabe56b74a787c9d68db95318af195d40ff0b1d122ddd32d87fa3464cc83eeb07b1b028dc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2c475513a902baac39403b1990758591

SHA1
5a169cef5f617af7859368be835251bb57049b91

SHA256
822386f8324259b9c4103c55d63829da6fd097fc545b56a194747acc9a219106

SHA512
adddc053c8a5759bcb7bf5033b3677963fd2a35aebfb5f3ddfdbfa1946b586be26cabecf801cdb9d90fdd0ac443371b44bcf4b48421f16e451152ccbcb5f5b6b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
544440ba085ea7f3711b1e6d57e7b1ef

SHA1
8c1de0c95f8182b2a695b87443e59361e3db6637

SHA256
1b3c83c8923dbd2ca896b27bfac367ede232fc676ba6923efb13d3fbd847dccb

SHA512
29249e8225f33a6f228d351adaba7dc5d017c967c293a1bbe1cead749aacf464443b6d56b2ffa77fd74220e75f75af679b4b57e6edc69b16ca6adb6a55cf5e7c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8e31c8be1fe00fd1619c0a3e62bbd444

SHA1
734f4b8abceed92d050970ca24d8820c0d19a524

SHA256
b388c238910aed8ad829aa493954ad97f9fea17187669740021e7543e3c34867

SHA512
509a6ef4db9724e2008f13f1f0cf75b12a84ae118208a14acecd94ed5f6c392652642e46d90df384c6d03345cd51eb51cf39449fcb26673deb4e28d36a994ef1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
32a73135e8a572f457eb180d46f02b60

SHA1
f0ac5eb4294c457c54265a6250aaa861fb130afa

SHA256
7ab8106ef232a10e7789129107d14d8ab64124350369fa78d415ea1d95dc2cb2

SHA512
75fadf5eb581786e3fef80c42fcd634ed0a4244b7830512f80f34ae3b0dc2fcf91d6aba947465d578bc193ab385c50e4467d196efa4d4bc5b8d17309258cbbb3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8b8c5c3fc9f31a602ed9211175f6433d

SHA1
01403d793e73432dc3b5ee62d0bb675c28f659a2

SHA256
cb0a6206980f11079849890b4fac18d456520cfa1ac4177c5d36b372423772a0

SHA512
6b53d2a8887edc12a2aaaabcb43d6ae613f6de73dd281c8fa456df5fcd7bb6704c32f13bf8c15403fe507cd84e172aacdd98c94040db6858541c1e8d54a45c12

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
291129e5fa874d7e3cc01c4818b34d1b

SHA1
7895e3f27c07fb012de15ff6588e246af5f0aa40

SHA256
108c71e1335fd1c2b38a4d4a86901e56a61d9170256c624fca9424468d78c37e

SHA512
c7914066ca7918fd3371c73162023ac4394eb5600aa74a77b187b4bfd7fb0259a4375758c7d5a7e9008179f02f7a2c94e7c595fd45d3f876eec3818ed501a2bf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7c9a0dca15f8e138dc9c2d6b583fee29

SHA1
218287b68a9a6ac14984c5f217b675a99aa40410

SHA256
cbfc2d2798c3f57176e34079bf9baf8072f037f6c2897c849f0973ccb7dbd91e

SHA512
b3d568a655b1ef2eda07e6e5050e50be7ccdbe57d282d24f1885a1ff2525b6194b919aa17c6fe33de4b15cbfa3dedb986129232384a753a36b1e2d475889e269

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6d782f31dc167c8f8563d2008b122968

SHA1
e98764b724c78f930ca6c6c76206a13e586f7b8e

SHA256
4f348d2347cbb8e60d1182e5b9dae8047e3058e0f9474c23c2410c9e016ee846

SHA512
af9dc54d964dd0d3e4283d86117515c4465cfd0a321f4c7218aed5a7b016c252426d456e5ecba7f92a9f550fdc9bc93fee4e03b09943b67b1c1c449e35b8ea22

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1653796526873ebcd45158722363f043

SHA1
2aed900c96ea445c0ef8e94d46e796b1d1b2dcfb

SHA256
e84221e050c1e4de2f73c4b06349091fced821da8a6e124453e4707857b36d39

SHA512
faa12bf976d342ea5b8b9489e2563cde4d5ce6e7bf0d677bb9509d16ef48aaf141878ef362619de5dd6b3d1d907b99a7a1b951689f392ed991af658ed173a9dd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
61627e6426096dc80cfd9ad1ac0d3c29

SHA1
7379a781b10eedf15f6d4ac7e613c25a5216dd4c

SHA256
5777481069988e34f464d5485447f0ea43549c91f5a8e29f435da91978cb6aae

SHA512
432d86df3779489a9b04169f8a5e2657122018e249aba315950d3315cd4489fa48c9867b043126487608802436bd559b9d128c56a862ad347a76dc2a75331457

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9e9d856d2c9064a458d2ccd1dcd325aa

SHA1
3be7d1243a443c90fc52e16541ebad462c37b91c

SHA256
12929939641f5239d15071a47c90e52c3195e81f416f3faac2ce5273e679a44c

SHA512
a0938e1f5a98c216a955de01f35472acab99425ada51f0cff031eaf953a89953058abd3744c90201e91941a9a692c5bc1396ceff3a3f33275ddf1c29ddc06d74

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2adde074a91c8b1da82a62eb1f439bea

SHA1
c994272f0d0e92ed1a3526f8b39e471af5e41036

SHA256
e69846e7cfcab2f5fc4531170470341aa4ac1e68adf7b4a43505d6a8a20e2072

SHA512
d1f08aeebb70ef8ad5dcf84a37f37c64e717c6e3dbcba10e161860a0a4f5a6331b7f78e4282eef338f0250590d75f0e05e193004d775edccc761c795332524e8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
153dbffba06a16ef1c354a90b8ec6836

SHA1
4cbd84581f200878adb58ba59c662cbdd39325d4

SHA256
0539c7935bbd3a1d8af94f3019c8d1f042d2b6e444180fe9256c2e2c02e9eeaa

SHA512
ae50ddc660db0fb03bc512c7e1365711dd2418c523518eeed5386e4658e638e2176154c48e0eccbf41fbb79e8566955baf5bc55f59a8f9383391b5505621bcc1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e4997a5021f51e13afbb8df3ce249499

SHA1
28251caf78b475517c172d8a45cbcab3b0b1313e

SHA256
1b4b352a217e3ba4585ebd670e4c38808bb04e02845c8b1031bd9d022cf3f295

SHA512
101a0d1cf20da29f8f86a13076d8aeff2988d78bb200839afe38dda044486031ebe520d7b4c604acb34cfd78c0bad5269dff3faa3a039213df8b00b740ec81f9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2543ee0aec3c03925f20b5fc3274b302

SHA1
4681315aa114e794f274964f891712e6fd3127e9

SHA256
646c8fa958c6801f5a554e285bb82954b0fd95e3c8fb3715f897592781489925

SHA512
16abdbc957386653de0c8409b0427bb3022d22cadb81ad38233d6ee46952751ea65577d4e36f5c172bf7bae5fc61a65882e811f7ceb7fa007e372f54e3afcf98

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabC97A.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarC99C.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit