50a11a5808078ea92d12f6fbf8c678d89c827e07bd6c794d0df8a89a90bf3576

Analysis

max time kernel
135s
max time network
129s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
19-07-2024 00:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

59d2b1fe5a069e6e77ef281510611b55_JaffaCakes118.html
Size

17KB
MD5

59d2b1fe5a069e6e77ef281510611b55
SHA1

2bd42291017b9747f7a3381d47e018481f8f7957
SHA256

50a11a5808078ea92d12f6fbf8c678d89c827e07bd6c794d0df8a89a90bf3576
SHA512

1640ae6d0c89f8d2baf0fe92c6407c375fbfff54e42169bd5e8ec688aa218f13c97197d72939a6d37f85086bc50c528fe2fbede1b31ea219b27a7ed79ed92d98
SSDEEP

192:1IyuEr0u6jv5MDwHjp9rR86iESQ1EI5HTAg0RAMfKYalsVdKNdghi1CR4NL4Rr+r:1IV5RFvTHv4ETZ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 41 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000043174f1aa2314a47aa677ebd5ad1f6c7000000000200000000001066000000010000200000007efac975e5360d147921b8a4959977854c07878d103d8202b854a98f6581d1cd000000000e80000000020000200000004b3e339be56704d74c8206b9bb57bd76a628dde7e97e2e168cff14a96c7e3f40200000003fbf5d865b6b475f14cb33c0439c6573804bdd0f9f9043f612f047f278768ffb4000000081b93be14f671c3410906939ccd0e56c5e3544b2550d8c196e38d31dd3e7e9ea9009b69a32d74152a443e5bf6ea4c5ddb163ba49a499536cc85a0158d2d38bc0	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{221DA201-456A-11EF-91EE-7699BFC84B14} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "427512630"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c0c1e8f976d9da01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000043174f1aa2314a47aa677ebd5ad1f6c7000000000200000000001066000000010000200000004e10e702eb29fb557c7cc19b46fb710139b409c5188f4240f722d03fb2340147000000000e80000000020000200000007419dfe739fc9cbf4d4cb3f6db28f2593480e41f8bd95529af6b8d1507e96f57900000003c54dcb78f80934bf4cfa3df5cfb910894d7bd8566da05baa5b08324b2bbf83e05af508d64419bc0ae315ad23147aaa512e09714f78241d54ffdbe170cdf09bb1f0e4281908b61bdad1fa98e9bb6a82a82773a5145c60ff36a147707d5275025334828cd6c726d4cb6247e7ae42ce80e5981059c2c3ea3eab58fe9646f501bba1c12ed9fd9a108371bd69a00eeea94c340000000bae5712a4cc319c947bcaff76bc967f0b05e21c552b94612289fbd1ce15b6ccb62c03a76c55eb44fe0e590a901a28df92526809b14a149b80cf37032289ed13c	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2408	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2408	iexplore.exe
2408	iexplore.exe
2312	IEXPLORE.EXE
2312	IEXPLORE.EXE
2312	IEXPLORE.EXE
2312	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2408 wrote to memory of 2312	2408	iexplore.exe	30
PID 2408 wrote to memory of 2312	2408	iexplore.exe	30
PID 2408 wrote to memory of 2312	2408	iexplore.exe	30
PID 2408 wrote to memory of 2312	2408	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\59d2b1fe5a069e6e77ef281510611b55_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2408
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2408 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2312

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
057c62a31935464217d02625fbe1dfcc

SHA1
b69127240155bdf73dfd8bf23b8417d5e698fba8

SHA256
3375401517a810f4eec375f6cb48a58f1d5c74edfb7f058a5d57166bc3ad5cfe

SHA512
71eb8b3f4f9a4b6e03d197620df87a95d4d79bb808f49e9c66a2d14622380f362f1492be48f44e3c911dc5a2bff73235ca17579f03554308833706256a8f1801

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0abcfbc0ee1a212735da81a905d20edc

SHA1
6d904b3f087dca329f06ee3f5aba42ed5be7e306

SHA256
0d5fd7743f4cf8b5c2aab21f5c23098fe93375eabd5d05c0d2abb259c562bf49

SHA512
eacad38b07fe662a237f4ee563d70b444435e1ed421b5d9e845cecc8af82660848d750e42c17e694177559e92ded9836e3904a369ebec35160c4e2adf4241a31

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
186d625cff010ec09e6e9be92acaae81

SHA1
892518c5ddb30d953c7fc9877f1eae37108b6ee6

SHA256
e427d49b8af1326e37bf883ccf17b5a24f658b8bac489a84b2284ced1d7ff9bd

SHA512
9888f544d99a07d45919363cb72c81c6c47da1577cb915462cab04ee93cd3b1f2b8f641aa48c8b32c24a5629dfd8f6a5e56bdbdade06bc513bfd08b397f82dff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
95d4ffc71ca069315c8e4f6f564b6188

SHA1
653400190c853532ee66e12a707fd8532018092d

SHA256
f4e0aff2252411d30148707dd3e6410087f26964757f0f3bd7b73f241476785b

SHA512
e5e6b862ac38c0f0481462af2fa9abfb33ec55dd52f086341fba1848b98978870b7581a0a2826fd296505c967d95e6e4597aecb85ef8035e5c16b620de74ee3f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c21c6611a04e5f03e5a338f9ba752a3f

SHA1
e92b5314588132c389d9da65dd60f5f76e000443

SHA256
104abd55a78ad142e078c6ae165a424a2a4930f84a101e2446cabc9219a2a399

SHA512
7aeed25114ce843865a96fee6eaf33be9016697f7919775c0baadab7d8f97a8c91fdbee464186a15d4c5f9fcb6a1291411895fda4abfc5147c2f000c43557c14

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b2b5a3c5b63a864cc2e35a96536d572b

SHA1
4607c1b7194fbd79265014fb5c9e6bbc7fef94e0

SHA256
a8c76a016a61c21c03193d976e97f257bdddc974449081a4553b300fcaadd148

SHA512
b9996c03a90411332e57a0824bcff7cb5724a566ca59001dbba38f6049e1e5ee791b8003f3b4f1c698347ea7b9ea77f310e7e49b51536010284170cb95011958

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d26b276b02cf412a9814acd2cb2e0999

SHA1
fecb99f26c6d3dd3297f2c9ed47a920da9749cbc

SHA256
1293c274463cc61a5594c9b2cc3cbf21dc5bc2af32f878cdc3d0e476a38c8a8c

SHA512
10fe14c084a99e4e9fbd2cfdb3d565e78cc1102d5cbbfad49f7368427be0bd2cff4b72d6ab5fb8858257d329a47798ba21b4da634c87060ef533dfaa970d7e5a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4c2a7675c11ca9d952d3c8f24bb8d700

SHA1
10a7ae8d11036f0058b7c15e32120aedfdcd1903

SHA256
c73dc72706d1bfde6c8bcb87f8c19d6715d25f61d97d8a400892f9760b207d9d

SHA512
5bc6ee360939654de66a61ae1af2f5208e79366ce538d29fa76deb0b48157f9738beac8d6438a357409494e61b6b4fd67159ed83e1ccf5c88934e028e3fe4ad6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a21219586eb22c383b6e6905b403cfae

SHA1
7f72a97e54718ebf1ac83b416c340a2f6220cfbb

SHA256
59bd78fb193c31be2aba52fa86a572a631b985af1639a56c52ff85a14c99625e

SHA512
80a5055fc6add075a305d1f790ca2a0ab0b963a5677231df21dba29982c574c2f0943571e850ea2501748639a0326df0cff27cfeb526dcd3827ecba55bbff4d1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d3083eb3a7adac8e5e110fc8fee0500b

SHA1
a007ab4dbcc55da450d1d9ee984feefaeca1640c

SHA256
468933d65f8a7d5f28d8431afdc32a03d592332e1321b10db152148e6a1a5637

SHA512
59ae21be4a01eab2be3ccb943190c9d848767ebe799cbe780e3336c76519e37131f041e6a0b39378f60dd8c70b18ec521f76b5ebdc42b4333d2f119a8ce735b7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b0fa331ac2eacc7d411d41a0231f767d

SHA1
d9f87c20e485788784b91dcad491cd9fd1e1b94d

SHA256
bf2fea8d7f6f4d8df18af0822b63aac5ef6ab62c5cc1f6b5be93adc4b17afb8f

SHA512
3c1f3e39f15ed1c98d9b047e898a37dfea65c1ae84792cc4322cf27a94aad36b095b2cfb7a393932fe5c2a7beb6dde6fa465718b084b7cad333a1e719deeda5d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
32380cbd0fdbef0ea5a0f647ee011453

SHA1
bb7d0d5345784fca6a9233418814410bf6cc6d17

SHA256
325109e42e2f1ad9f0e1925af6d23e9b05a704c9a3d147e58a0a06d36fab2435

SHA512
d271469cf6a71b79f3387ed40041ff537c0597c269d52b5066f781eeea4ebd3eb44a52c55ea02925e79e0eb4ca399fd2daceb31e3c171f2fe971a6a2652e5357

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
916d1992ec7c8cab708bcbed336a631d

SHA1
c2b80182e5e0140d68eef682e1e78557bd0ba97e

SHA256
42840c147f0793174200bbf686cb69405e4f9b947408e98992a40625c8a770fd

SHA512
a0d21690fac05b74e6bff3a98821dd32a4352a2af71f8029336439bec47394e2d183d2ee6713c1a1e9b4f6dac627d7fc4293645101f4e9343c7660b99b839cf8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
308386708561159dc1c1c4fc3263ae8c

SHA1
65ad5018e14ec5a9e15c50c70cd542e3c4bbac77

SHA256
9a624f9d86c7003734a9ef308263e893f86969349431ede9d20692efd07e7d6b

SHA512
202b9b2849aa1073171a2c343ac4044c3ab1b9e3b5a2e87b9c69062adb206ddff9051caf6224e0faa6d3c9b359b91285591d6d0906278ed7ede1a46b6fd81754

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
090076edfdc0ebf156fefe480c333fad

SHA1
e531fdb9bdcb1ba7fde3fb489d5439aee73f7c68

SHA256
687b9be3c164693c879053266ec0aa0888520bb5383af0681a73d70380051ca6

SHA512
28ca0e8047f12785a50f4254f4cd4d6ccb0f84c1bab8424595a5843d6fb9c1eefbd2f6bde881c16af58af951bdf4f58e117daf5edb922edf4aa05ffb67e1abcf

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabDFE6.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarE057.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit