1463af0556914efd0dcd08534eab5f7c8c650024cb790d580a71e2e847f94837

Analysis

max time kernel
134s
max time network
127s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
19-07-2024 07:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5af397399d81d1f6c33a501eaa7de21d_JaffaCakes118.html
Size

9KB
MD5

5af397399d81d1f6c33a501eaa7de21d
SHA1

7bb8a6eb525f56cb7f86156495019c3323c6af8b
SHA256

1463af0556914efd0dcd08534eab5f7c8c650024cb790d580a71e2e847f94837
SHA512

77f6768de07c1703267dbaa163d7b161e53aa29daa8a14dbee9ed91a335c560fa59da1319fa2812bfe73e605909d5ee18e08d8ae31f8d1b221941f369f3dbae3
SSDEEP

96:uzVs+ux7+rSfLLY1k9o84d12ef7CSTU3GT/kkZzps2k9ZslVHcEZ7ru7f:csz7WSfAYS/GknAWPHb76f

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 8016dad7abd9da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000043174f1aa2314a47aa677ebd5ad1f6c7000000000200000000001066000000010000200000007e1e4a186dd3099fc132b50b3a8c6723aef3ed99ac118fbecef125ec606259c5000000000e8000000002000020000000ccaea3fc6e7399a25621623d2c2d3e2d93eaa3dab43327cf6577938b4d0b119b20000000f9addd93ed3e01f37f11c03e4808f82a2ef44ea50722a5beb178618df444ed3c40000000badf230b0303c377557db4d18da272ec2bf5cf6cfaed1ac0fad55774fbea77496c42958582834850cc0ab3370d2ee03d15431184b2105882293469bb67534e96	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000043174f1aa2314a47aa677ebd5ad1f6c7000000000200000000001066000000010000200000009aec7676868735f2ad9fa144f8640369dc3e26ddf34828a5b4bbc7745cba2030000000000e800000000200002000000018c53e0ca082259da0f63278386223cedca2609fe2d597616f38ec83f00338229000000034ed778e6a8d6fd13e8d504dffc30848fc77f1901e67058f85186e4c925fdcc3b897c81863af63295f18dc5d4ac7c95494040b9537f47fc26578d3af48eb9715a3e53ad08352ee8da8bf3053e6d0f7a05a3aaf920ea08f12c5cacd32d4b9b02b2dc3d2adb2ffe7661e40d3678c657be7704ecda9f014b3eb695355a951a23a77aba25b620535ec758a514fc33f2dbcb8400000008ade7a73cf235bee239c7194079fdb06571cc1bab644ae91a8bead2f522e584984110fbcdc1ee5828fed059414d5ef5c46718c515703486af4eea03e25dbc169	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{02E91101-459F-11EF-A2BA-566676D6F1CF} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "427535340"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2084	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2084	iexplore.exe
2084	iexplore.exe
2796	IEXPLORE.EXE
2796	IEXPLORE.EXE
2796	IEXPLORE.EXE
2796	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2084 wrote to memory of 2796	2084	iexplore.exe	30
PID 2084 wrote to memory of 2796	2084	iexplore.exe	30
PID 2084 wrote to memory of 2796	2084	iexplore.exe	30
PID 2084 wrote to memory of 2796	2084	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\5af397399d81d1f6c33a501eaa7de21d_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2084
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2084 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2796

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fbcdd114caaa1ea2784e554675364116

SHA1
a2f0f09e835767925890ce6b75ef257af5bf4f1b

SHA256
e7ec80498a38239877060d308fac753061179eb2d0dd0043d8ee18b9c46198f7

SHA512
c98b62a5045f8689c376d2e923f200feb4950ebfbf1a56c4b6a1f35473196d26c7b3e030d4b6e271daf082cedca846e8755c24b0fbdf086ed0ebb5350e31ac3e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a189225aaec0c57bde2ab31e9492d1be

SHA1
22d7f35aa58cef5732f1d00bea3794e015fb028a

SHA256
0e5e89a26cf78e353f619a4e32b678c0ac6a0c999449caafe9c6c56f12a30692

SHA512
6772990ad2499fad6dc829b5a0022007a4d320f0cdaa793d174d73f89f914ff09f3971f0391f50ec6ad97f953b1222e1bad7d41b832e1e982a4ac77027845f13

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e11f0f2bd564c3b326662a1442c5f0fc

SHA1
1953becf04a42632a07d406a1e786cba1c63ec5c

SHA256
91df270d595519146e7e52f1c7bdef6456dda682758f9868a2c23a00d3d9ed1c

SHA512
b0c5e48854ba67673521192601903a6e0f2e228806a25737d4fd1d6fa11c1ce098063acd719ec7cbdbe546de20903de37687d45e919b366c67c405f0ff367a25

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4557c6052f535ded7bb565743c7a7740

SHA1
49c1cacc210bd1c559b7c3f91c6afc6518ec63ce

SHA256
f5f017b74aada1186c5cd8bc03c059ae6f8c8f38bb79a9155d6fc6088f8fd7a1

SHA512
78078db8bcd6fb2eb292f2eef5ff9349ad77f7f0eca7c0c781dbf55439a9a519a2582098728e3cf649b5bdba54a54df789d2a1ee4b5723ff1e3b0ef37470d34b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b23991898d6d8a0f3ed0c0752e2be8b6

SHA1
b8e9fa5cf0ac86fa8305d87fa8003c2cb6fab704

SHA256
b6cbf87f3ccac7a14de0cff277506b576da6051d078b5a47e6d74e3b4d98ba0c

SHA512
03d7bb1ad56b95e6e560edf2e367b3aa514da971a16b6a12bcb81566cf1e09548fea26809ddc84ae33544651f3a7425b89b4d3146e002ea600423eff0e0c462a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
462ebf4ebf82834b9f51bda591ef533a

SHA1
99150e2e227baee2a047092595c0dd07c39171cb

SHA256
5e3c0802fd5dc53bdb4177a116b2d184d5f51f868385721a4f4df2e23c43a982

SHA512
d5d994730ab293f67153a21070d9894f9817e0bfc4a97c960a983dadc16756a2068ba5fc1cc8306ed70293d27fdc471526560f3447b1b89f2458a90f038750a2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e86da32f7674fe04882ad75a531ab6ae

SHA1
dc49d7d8675458d1bef60cb392d40829daaafec2

SHA256
94a62fc04a0263ef1d5ea0365a3354aef49c9aac5bcc27146b0ca6f077b20b95

SHA512
bdd8bb0d920342c7bea27bfe64c27bc077f0350d982ed6f017e4ddf41c5465d28abeaa48e68c9e521dc6932e8c0017684488c6ce566076046b7ef3bee09eec43

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3960b9a39a65b9e69cfca8e487b0cf73

SHA1
7eddfbd4992049f8549183bb91a336ea5699deff

SHA256
03686cf5be1e32fde316e1eaf4bc529fc31e85e9ebbea25089c1c35ff1179b7b

SHA512
84ff0a8e00686ed83a4b39201439d35b00583f75a021de06dbcffd013e592036cda219b8d11d78aa122f86a9bf8e10fddb9e0fadfaf8f5bdf74e9ebe6f8ce69a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7e73f2807871c81241f261bbff26f348

SHA1
a41762241f22455ab23d3a595ee49b6d45ef958f

SHA256
018ea7e361c1580eb598caf19c133120c55956b2f137d2c8abb179bf61d7f7fc

SHA512
52458ee108a97c08dde20682ab95ae2e42bcc1e33323dd2b85b79dcf1334d64cb18bf9849d7b6841abdc5daab1061a8255ffb258d11289f69a04b11dd1610e4f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1e4b7ae370204339762efe07519b2240

SHA1
9485117197b418bc8b334fa5d00614ce5296058e

SHA256
a403ca97dea1779ad62a97a6e555287c74029e0e01905a79f1a326d50d939dc4

SHA512
2edf1d0e3ebfe51b155ebe01cc8117a4bd2d061436f8344362c17df70787a0eeb89cdfef71d9536acef84e7d74e69ab66c5fba58d2824d92ea262303f03afb24

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b971ad4d444b8272e9056b6522e2a020

SHA1
70064318fcaf64b38942a7cf70b4feadb87c0f87

SHA256
8ec0c8eb211dfc26ddc56ca651f34bf2388c09947a9eb05af3031ee2093bf901

SHA512
19766cf5bcad1188623ce71b14e67fb61780784cbc7976865dba69042943bde640b09b608b0c98cf725e11bb5917ca53d4a6c474019e0ba5e9d890815bb1a5de

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
87392d16902eae076d8aab8c235e94ce

SHA1
dcbe8027aedff12c0b60af3c77244d8cada80657

SHA256
e304bf047dd521fd59227c8e9c9e6d66a44d3865e7fc20164107294ef8e9fe70

SHA512
10c3f32f754cfcfc4998c40e4f54839e70881c83e6e2f6f8d9f4ca27eb7440b64455efa17e00466c069e52d5841c3715b4c968718f68261a8729bbd3c8e3f0c1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1cebf66abb2dd393219d4e572f7083f8

SHA1
c52fec49abcb9747b22398ca56bcd8127f122b20

SHA256
85ca9006da58bd53b3f2acfd41ef851f6638a750d3ec0fbdcf56db6101933db7

SHA512
a53652cf1939d0d7843734e38e1fe28d7fbf22edc7af4c3692e6e372444ef59c43fbb4fa7e7da3985e1cc4846fa1df60122b492d0c6d0cba3d495b3efdb2e1a2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dfe10a7486ee3c768f2eb19278c67bf8

SHA1
cbbe07a404afae38cd9226da5e8d3028d1b794d4

SHA256
6bd12c878ebfd25478de82ea5db0c3f462c9b07e2a6559edca9a4c584df1bd70

SHA512
cf45d632f1865a4e51e5e55b2f211ac23c1818324aff69d048a357af07b768d58209a9cc84277346bce37168f18954f0a1e4577ca83e78fcbadce357b1e10e60

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6057435c31b04fc2e8b16a5db7f269db

SHA1
f5881c166026bccaf85a006e13903656e4090b37

SHA256
d16d3252bc2d0878bcdc51230cb32edd6797cdd179a42a2ee7aa266d2aeb648c

SHA512
859e99c60e5bfacfd70f6ebf7cb4167877189c2b6e41b936b86ee56dfd076d314b2fda4e7a4a6255c16240d5c4d5d5d1fa5df2231236c99613393c4b96ba5867

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0e8d96a357232692bb4ed9b5bd3faea6

SHA1
6f1f261e4090c09f7dfe3ddc4062801bdb938bbf

SHA256
0f9bce905736703019d5b87d2763d003cf7c4e547417837a0152d8104ca9852c

SHA512
c04adeb7030ae4dd625e8ffd07e1d2c181570e22f41e3074d715b9f2004d33c1d383bde2be3076140187af750cf2e60b9bb738ae95f3c88fa04e85aa2e01aba2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5af6c4e0e2766c905e4798b8aff7daa4

SHA1
4ca004c4248e074f8228e873acf3116375884c29

SHA256
08b9e7adbe22975a6cf4cbd2439ad463c4288d2d2e5e4c364abb5982149d2a4e

SHA512
5d989fbd75217ca70c6c0b6f07fa0834fa029e02203f0311e950ac8157e1be6a1e21d3bcc5bec87ee88dea6ee4ca8e1c9a4c05993a1a2f649a02ed152cf06ff1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab7D1.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar831.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit