6d021bc63169ec0bca83ba98db6f95b705395a037aa03ab8d4fca2b18a044fff

Analysis

max time kernel
136s
max time network
129s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
16/07/2024, 07:00

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

4d3f3be97830ddd9710ed6afc528b6b2_JaffaCakes118.html
Size

2KB
MD5

4d3f3be97830ddd9710ed6afc528b6b2
SHA1

3c5cf3bf5726d9a9b2c16cc001101f509b6a2822
SHA256

6d021bc63169ec0bca83ba98db6f95b705395a037aa03ab8d4fca2b18a044fff
SHA512

829637b8a939206ab65de696d284307d52cbf18a9b82dfeb5ecc1ba1af6a244f0bc270cf525f14258ea564d80c1174aa94d12d20e848aaeffe73406a3ebb49fe

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000930ed985b08cdd4cb38e38023150682b00000000020000000000106600000001000020000000aa1e00cefeee280eccfae680b941878734e3b49b62b78ee406f3041ac3c827b3000000000e800000000200002000000036de62d65821a4bf1e48de63f09b0d7bafdc4ba662ff857ee490503083d73cd2200000009474d8abd7b6d6f59b4d1cc238eb612f7031b996c996ce83474c61ed327d643640000000a27b49f8d6894391a664c06b42201e0c5811cf7f131972955e49f6e5e08ef8730545b335944853e3dd892dd13e9b6d6f4267e88454308e36046a37371fc8e119	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "427275080"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0AB9BA71-4341-11EF-AC89-C644C3EA32BD} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f0273ae84dd7da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000930ed985b08cdd4cb38e38023150682b00000000020000000000106600000001000020000000c7d8dec1b14c08e8000bb0ee292e86be8cac5644b4246f693a7710d06c70c281000000000e80000000020000200000009141f150df278c3087675e732c71a34fd585f89169e38c56b76a2bf25e5551ed90000000d1caf3357f3e4b48017fdc11f20b47bbf434df6ff769d650348fa61087a05243ea9e10bb343024dab15a8b4a4e91e7c72410aab074d924ba3b0b7a71635afdc2e83b9e5f4ce5b1d75d3c51e6ed3c3043745ba19aa4cbf2323502135248daac40fcad5353830177ecc8b48626bc25c398bcbb6bba99a07be419659f13b87edc2ff319f674355e5d65a68900456773e82f40000000c8284621037f24e13f4f8d46f07cd09a094b7743e303e4bbbb441a6c5b34c09e6a9598b9ad1bf3fe5e47a7f00507f91fa6aadd381a95b01470b1b629f821e06f	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2492	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2492	iexplore.exe
2492	iexplore.exe
1616	IEXPLORE.EXE
1616	IEXPLORE.EXE
1616	IEXPLORE.EXE
1616	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2492 wrote to memory of 1616	2492	iexplore.exe	30
PID 2492 wrote to memory of 1616	2492	iexplore.exe	30
PID 2492 wrote to memory of 1616	2492	iexplore.exe	30
PID 2492 wrote to memory of 1616	2492	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\4d3f3be97830ddd9710ed6afc528b6b2_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2492
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2492 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1616

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c942357e272255520a4e6f8a955e8da1

SHA1
c61a8c10f8d7673c2e39621555d1848f59f48924

SHA256
55d53c19662d32512ec010bd4433c1e5c573ef4d9463693522cce49e10a31c73

SHA512
463ac8c6c60021bacefe2cd01cda8d18ae3e3dbee668adb85db2024025677cb1876711467b99a715dd86a5fb9475f12be223d3ce7ccb1c407773618a8a719640

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
314e6b000e191bff4503943b2206bfeb

SHA1
3e2b81b7067492d2cf0c6cb708eb7fd3b43f2705

SHA256
2a491604d14632bbde70224764683008d0e6cefe5474576f38cea4aea838edfe

SHA512
eb861f4b24f1cbce4e671316b71d7189a8ab59a45e923e1f74e4f554e1026b187ed1aa0b971c5cb284bb35804a1fcbec5a077ea1c3ad360b84086cf2cc2fd233

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f20063035333e550ba5a7233c7c54bf9

SHA1
dd962b978049a4be48f97db653c0f80c9081c1f6

SHA256
7afcc340a8db7ef5a2dee1e7c1c80e5d17ab98ca0fb38423b2b710d2c8fdc628

SHA512
c3e42426761c3180a728273ac312f151771c10fa1ac2232b2acf5879da0c6f606da0e5d4668b317d93e8b490941a50d6254274315e9c3f9b9bf4e211c4e88937

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f595663511923516b52e0fb42ec49694

SHA1
01c0df39f97825e946873fa382f45960ff55be56

SHA256
a73cb2568c45b073c0cab8416e0e04a1aaf211feabe551a880d400f73dc2b558

SHA512
3caa25adae60f4d371e41dea448dddabe119e442788dd400745a8c27654f0c2a7baad7a1072b491bee4d836cbfdce98258bb0fd77729e5ea07194be64aeb216c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dc74b49748bee84afae65a6b87b2bed5

SHA1
43bf77814a2f932578f44508ab4a48b0c90665db

SHA256
4a9aea17c8c4859393101a3e6fa627e8f1ab06dfd659475c9f4d9dddc702ca78

SHA512
ae0a5aaf41886c63fea83ebe6c424a0ecdd4148a86cbecd4e1091544bac8b66786adb97a235599502882f3be10879a0b63fbb3a5feb6d0d650012ef27fb28aaa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e44ed198b1eedcad92c308917e9175fc

SHA1
fa1f49b9549299dbcb76ea204c899a2d2bed14a7

SHA256
45cd279eaaa5c1b1a5e5c12121287b3f85f3ec19015719284af5b3cfcb6ed93b

SHA512
2e1f52b1eadecbcbbc3544cca22e0296493aa8f283c30449405834319025d2ee31e9233567d8cdbbfc95121ad937f473c0923595bb7d0c402758098148ae96cc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dd969c7e35cb6b12dc58c087c20b5915

SHA1
07ea17229fb3b058ef41889774d805587dba4ee9

SHA256
efec3db8e5a6fc8c9435a4b336d2acffab29bc774095215aa74bf5b4bba4ce95

SHA512
5c676b45589757f069a8351e6fc2ea1aa5b6f8ffdda840a0bf32b182ae989d0e05265645140b66862a9f46fa2c697e25e607243470ded981cc96c52ae3d9a4ca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bc30be48bff9f9a0e65874b0b7d9aa6f

SHA1
37a6420e844fbdff2d742548ec616367c19900d4

SHA256
e3158cce8e28740195819cc22049dee1581af4299c3c1ebf548c3edec13879af

SHA512
bc061e053518a0f8ee789dd0d3db7c9625788098195b1595f341edc10162024ead8854c916554a30909c28c6ce43a648b32d75044e41ee3e24657637f857f08d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6cb54eedb16244b10882fb065379d738

SHA1
abd74db56c39bc8336a7f4ace786aa7460d54e27

SHA256
3d266712603d38bfb9bbeba513d9a7f004d55895af31475509ad1ed4e966737d

SHA512
01a4e684dbd51d50fafe66a2d8791c195590d7515b62b21b8107c4adb688c19ee23fac84380484d9eeb39991191e08828b12a6d3243f893b5fb23e96a7e7062c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b0a1802c3f0e6446a8438ec7bc0b008c

SHA1
0b6bc1a1e6c7715f29ac9da4d1361d7cf8c534ce

SHA256
988175618c078b35502ec3edacc3aa42d8030c6674a6bd887db9ab264be86cb4

SHA512
384ca8f8e2ed47e0f4c18e896548457a1e8f4d4b67e0ad0db40b6e689bf410623ad57a239b51bd4ece21224da9a4e1c0757d034cbf827ea86ea57e76314f3a61

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0abfa8a6d94d55cf768614cff6d2c85d

SHA1
cee14b9f9d9c9fef26fae47107e2e31a47e5b017

SHA256
862e99a5675d43524539b2580866f632115ca52a0d98e3e7ad307a50ad098f8d

SHA512
3151b03717b85a1034bd17282fb3b1e590e0522a8385e10d73213d59100a073ba2127f5a08090aaa3a73a0eaa9379d3b1c2a564196cd39d6606f21e9842c47b5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
04304d83618642f24851d5a129f4effa

SHA1
1c3659955148290a5d2fd3dcf9a63d3c2dd09d75

SHA256
27e2aadba88e029644cad50d8a6bc280c99265bef7189143ee0a5c1f690ae828

SHA512
cacef4e60df85f15ae8d58ede327a014d0d09c5f69e0fa13a67e1f4cfef7426fd0947619cc58f686f0f75699e831b20679b21ef56a14e020ab5fcc6930c0f56f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
53c397d678d75a25de147664430d0c0e

SHA1
c906b42e588af42e1560ed4513b66f089ab4c477

SHA256
e33ac96b4dea8d36a8db39298fe05980abea0726ed5d6c3d6f3f50e3df5f3980

SHA512
a466cca69ce7bf607828fe4b35a702b54d585aaa65acf0820a596b70f6f5e6b44f34328bb9e5376b1e36b2000dc21a9e8b89aa444c6ce10844ffbbc5d698b01f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
516ad26ed253d73039f2ed43f42092ce

SHA1
d4abcba3a596a36842928424bc264d562374d257

SHA256
da312f9f3d2c55307e21bade880f3e0236432a55cd2ca6530300fa09eee345ac

SHA512
d15476db33fb8bf3baed55c3bace1b0a43d89ac85be52a1cc68a23bef510ddc10371d6c7b89ebf294042cd82f8f009c423aaade1ef099a4ef3fc82588c13a1ac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c305064fb78b6cbe8c34712452c29cb0

SHA1
a5dbd2200b080f03c568c0c9ff99ba669bc33722

SHA256
19459be05271bed7535133608435b06ef290717e1b43784b7c21fb2ac26fc7a4

SHA512
733b38706dc1260b37b047d2cc50f04dac9c1db4b8f62a86f30f6b9a274f4666f02b9ad9e00821751ad3516616a39c442cc9c4dedd2e8f44d573062d9d84d47c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e2dd048b6bc8efa163d5133654168403

SHA1
61d5f42e65fdf67b6cc29d855eeb81d6a2fa267f

SHA256
0b9fe26dee81df692509e6a4dfc04abe761b9adeeb7c0e8457708084ed00aaac

SHA512
98afe3770a10fe875f2d5b1a2f1aa7ad3dac3a877f2e1a44c6764b96a2469618018ad9948da7a5623be117e65eaaad13e601d505795c3f6cb84070fa36b2e0aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7c8c2b4280e8cefd4d95834e427525b4

SHA1
65e1d8ccbaf46ac61c73bf2bf30df42a9c3cd48e

SHA256
813c59bca7db813a93c6e38afa6f3a827bb33e6fc8660b34953d746c1a15b8eb

SHA512
8c58ff4a1effca96614103e2b8f9b4beadb5e40d671bba26e3ea64998d82f2d55da11449acf7bb312f2dddc4437205f3e745f06c184a237907e96f19795592b8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b119f4ae247f6ba26c6dccdddf2c7351

SHA1
3ff4ad22b6e19833723eb6641f5cd62d766f858e

SHA256
09acbdff15cce077cbeb586ad247f7e7931ab0e4a8b4722b52f75e4859e7c0ac

SHA512
8c138a0e5f3bab747d5d785fc7bfb079f76d48d5949e56a41ef22fb86316430c890bcf7da48695778034ce1a6db6cde9383f17a648cf5eb85b10c0dd7cfeb58f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab4BC3.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar5019.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit