d8c381f2e1c4f8cc2c789552e79ba9f5d11fc6f8fba45c909a730e593df5401f

Analysis

max time kernel
70s
max time network
134s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
19-07-2024 22:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5df520e5fbc451356840b08aa5e6e67d_JaffaCakes118.html
Size

29KB
MD5

5df520e5fbc451356840b08aa5e6e67d
SHA1

1e59b19bb6809b033878fec44b38685f4cfbfc23
SHA256

d8c381f2e1c4f8cc2c789552e79ba9f5d11fc6f8fba45c909a730e593df5401f
SHA512

c0a53bdfbc40299b36e83fae2ef0e6189dba1159bf5ce248cd1c2c03d3063faff52688b9cb2c4ea62b2ceffe3a10d14be2dac157fd3835740e747378af30a102
SSDEEP

192:DkTnExVEMitnzpdy9Qlt489xFDBGOC2T2x/RwkfVRxxN1t0wFpIUF92oNTZicvP3:oTVzpdXzh9x7GOAx/Rwkvxxt0NI95R

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f06123e92bdada01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bb7c5835718279428690b074aa627b70000000000200000000001066000000010000200000004b806a99bb7492a12ae906691e07daca7f7592ecb8965e3d655938e53fbd4695000000000e80000000020000200000005f107b0131cce5e7f707bd0111f75bf07716cbb5a2372cfd5d09704555dcceee20000000270e9652b7cf86e6514f2d25cd8b20f40649e4233ef3e21bd939496c29bf65c040000000af6ea6e9dda650734d20ffd6479ffc331883c04579fbbb2278a580f78de8521e4223e6e0dce2d9f528231ce3a9362d6f5516cf1b667ff9ed94366e2393f8e008	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "427590346"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{13ADF9D1-461F-11EF-B39C-C278C12D1CB0} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bb7c5835718279428690b074aa627b700000000002000000000010660000000100002000000068992533dc6b7b6352d3296700cf7ec2bb4d2c9865eac517826d55bf7248be48000000000e8000000002000020000000ffcb91a1f8e1250b8d3bf7ee13044258a46ed08bdc1d46dff46e3cb4045b92449000000097e3690a15c0652777e4e5d58c92e26f994974d7078ab99e0cd6fbfcb5dcb2a4675d54c4957ac9c4c3f0317d4e43eb9ca375655078ab8157b351c63507f8598589412e0e670620c0921fec27fb0565296e1565db7ebb38b438b1a34a0f72eff9ba750f9a88e11f0a7b9616a895e97f4f9f486c561950aa1852598384f9638f77553945692b252575401feb121530372540000000c20446d70818fc3c0d547b9360bb8f06945071542545812c2af2b4415d31dabb5f7419745460402714133032aafa446db30a40d3753ab5953da0ebad225ca4d6	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2400	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2400	iexplore.exe
2400	iexplore.exe
2372	IEXPLORE.EXE
2372	IEXPLORE.EXE
2372	IEXPLORE.EXE
2372	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2400 wrote to memory of 2372	2400	iexplore.exe	29
PID 2400 wrote to memory of 2372	2400	iexplore.exe	29
PID 2400 wrote to memory of 2372	2400	iexplore.exe	29
PID 2400 wrote to memory of 2372	2400	iexplore.exe	29

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\5df520e5fbc451356840b08aa5e6e67d_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2400
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2400 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2372

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dd20ab0fce3a1213914e6f5bed9903cf

SHA1
cad69911c2b0e73c54f37c5cedb873abcdd67150

SHA256
9ac30c3ee5774fa4ee9243e227a9e136f79ea91ecb4253c2f8de6d5bd046bcb9

SHA512
6b036f8cc6c82d5244a971047c57ce0ea0b7f40c699bc55c764ad65d4cb040a4f5c997c848af502764ec8724c1714f947418ab562bf11cdaf18a3735a3108dfe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
50e451027ef1f77bced0482f09dc2fb4

SHA1
f46da64cefb274e4b6bef06051d14e1af8671433

SHA256
cabf298843ce403f4d025d82cb9ff03e85c6edb166f5b31ad1a736020f708f8a

SHA512
3a615fca51481b6581d6f2cf35e867d498863f5d427e1b16d9a4805006b20c72d070a48f5049cdc21bace8b02c7bfff81c13d9c90c05df71b0043cf81b13f3db

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e9167f6d5010af7119f68e2b77d33b82

SHA1
df8e8f7b44e6aab92568e4ed4dcc52138d88d481

SHA256
ebf913573f8ce7b89ed6863bc666660c9998b0ad114655a35dcad19100e92732

SHA512
85d346fdbcc87ebf561c77a45673be523629a1ae1f2ebc181016b724e2343180b348ed3578573296955698c4ecd99cb74e03c9e3e032067d882fa1405a06b06e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7cd3297a4263c75fe991616b654e173a

SHA1
afeb5097a27243b43a2d85acd3d5647738619159

SHA256
d36c6d22a2d67f4f1a3dbc6048ba34e46140d6c556f747315898f502ff75aa5b

SHA512
4f729b0874ff269d038fd4933a911222be31a2fc9026ed8d065ed49f07ba7bed579c5991157cf65a897e94d82f1b4a181d5173457737606a78c42948dc5a48a2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8946ef3ea3df6c62e7242941b278bfb9

SHA1
ac4fd0e058f637cbc2066e8784b13e89c5747ffb

SHA256
abb6d90551c58a822c4ac3b1b6a981a60b8da505d5b4f639109546177f88bf12

SHA512
8ed740e0c4c9fb47c65482c08641eb77985209506200bc5052a160a4973a9052e11cfc8cd75a09e5af61351c2ed570dc9d69c71f0bff1c31d3554547a12141cc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bbe8ad81217fda650365e1515c1057c7

SHA1
2c9aaae4a9aae871ecc4a68457c30fb3edd1474a

SHA256
aa040bfba102173f21e3f431cb054d7b0a118b1f4f5914fb94b0488ac0df1ef0

SHA512
7ea53cdc988c91b7089bbebd05d76b6a6e39a07b5ff108e14a2ab21aa5ec04caa02c8c00651e3961b325b2634bf94bb633d554ecf85e242d1e3b85cf8a556b64

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c3e4ae7094086cf56ec5a38fd13bc578

SHA1
bdacd24bdbb4f586a5cea3d2033821139c3fec02

SHA256
49bd6d3884465735c2bd6a48f1d1c299739ddf0094ccc7a88825583e023a3d9f

SHA512
53313149f51512735d96bef0e0039f34deb33f7b47bda61a6c95b67f26d47533621a10d59f963672e05b61cba96f404e14ade095497f024fea72ee894c74c1ea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
02106e3d02f874f5e8d1ecc09b69ae7d

SHA1
3a730f5a746f0e2d65176f34fc35cd00c29e4182

SHA256
c5f2db951d427e8579579f8b819035151437ead1cb3d727eb5d39d53621f601e

SHA512
967d58ac9af0e4cdef3a83def96e8aa647f40e6094dfad3011f6acfea79be8f1470621e089aad6feea8ee07598c90c540e20f870a8e2a8fedccbb9f8aa1bfde0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4a2a9577f4bc652df30294d0c8d4151c

SHA1
bb54d1ba7efb86cbcd87fc3ae08cd62d58aa5b3b

SHA256
19f35401d1ed3573efefc9180c5488cc3ac53ad5a53cb94fe94ac025441964a1

SHA512
0713b712896f6a38d1d1a932926c2f0a4a60efd2b4ffd7781eb53a3302ab63aa78c4698f5e6740ac1bee0b203767dd2b9e1325f3fba237e810d05214e8bfd6bf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cf1eb16c2785bd8b00b1391cd7e6bf03

SHA1
a037556d540488a5faecfc109f86478015e72c19

SHA256
3fcb994002ea39962a2b5cd0e57990d701e6cc76780ac34ca42442ffb0bf24a2

SHA512
8b008aa39172d54d644ce3a32d769f0a082d1a904ede0d7d0b55ceff49d8f7071d03c13996fc29aecea34a529f44c65ae6cdc2e128b0606950d6304cefddf8a4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cb8baf341ccbe3423e82ca004493405b

SHA1
83a4d16c4d99785605cd82030021b931d4566f15

SHA256
e545416d7c23b99beff12ee8c741836fa68ad5b9f80c3cc5f06fcecacdfc349d

SHA512
0150a7f1b63f3a74de627d062bcdede934dbad38e2e722437d22cf252f5f0aa6a6d493d52dbbb2cced5699efd4560b51009601386898ad7d7b44f3d1c3cce99b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
67680fa57e63f95b0b5d900b260a288e

SHA1
651543fc78e37c7fc61121def9525440f32c87d2

SHA256
6ef073d6ef647507765037072d830e9f1c9d754e10928aafb014eaa8d397fc7b

SHA512
733f659bc62447fe536a2b5ed615399ab2c755ea79edd7d65b2f10b61ad9a709195e69fa59cc2416830ede6e67751674c8cf387a46c411ba0a71d520d1239022

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2ef84e6d34df5582777369ebfa310393

SHA1
ff3eb6663186bf6dba3b35cba9f34a8126bb2f42

SHA256
6f0a554169ca0feee2a5e17358b6115ee083509f6d34e28d38a8711def20013d

SHA512
f6c9983c1e5fdcb9db98004057d52606ad12c95694332292152c9895a38cafa163fa80d1827c5e640b6d3bb5dc022e6ff2d66403a4e5930e01ea768847f9ae8f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9ad25b0476a8577b6c1239b5178fe710

SHA1
a0fa32a80ebc9da20fff660ae6a6a9e421b76a71

SHA256
8cfb9f3510bf6ef817d29c3b10df1d548fc22cef4dd9fee2a04db461615fa795

SHA512
f60edaf1726e8522a01b30631b9ab9de0384299e92c5fd01ad7745dcad1a63bfca88c9b60e177dfa0eccf81bd2ef5c1cc1fd173eda553cacbfa967f9717949a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
42b8701b3ad24dc7c78f886eff65ce63

SHA1
1e8b99fae7fe9c81910f2a64f29911402fbc1d8b

SHA256
1f2c3411d9caa4e2888ab129a87151561a0fd445eeb9380ace2fbb50d5983142

SHA512
f6024175a76230ae029a65f88f6e2754712ad5ef44b27fc4d0816222926d71fd99985d8b80498f2a1286e6e8ddea62502c10fcd8f9101b7deaf3dc946a6914c7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9b7950d7ca4fec3d62e3f64f1fc178ab

SHA1
86eecd4f075ff54c49909e9a4f8746f811702b08

SHA256
a683c120d96026be99c8d236c368d8f843ad90c10a6bd9ad719fe67ceff0ad54

SHA512
7714b9c9ae9bd516410729be489a37b637c36e089e4a326bf502941b9f78e82bd4275fefd238af682fc784016a5cbb7183d337661ac4dfe46eec8ddabd57c085

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a0443dfad0c28f64cb33e4dddedd4875

SHA1
6ee31a667b28425d988675ba61e539703118d5dd

SHA256
ebf91ed95219f2715c9fd9ff931568a41382b6054d5b9c93108ce28307ae305e

SHA512
ccbd221d554da4649d93e55da9f113c3cae6b7795ff4f8906131f7f64f9105857f89f10e0860b8fa4dc491bd78ff5bbd094bad4010ee8d80c42591dc40fc76e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1049.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1128.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit