9206ad5d9f57f13737cef9c350d803fc8f7fe27af117b5491bf38485e0790cb8

Analysis

max time kernel
132s
max time network
129s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
19-07-2024 09:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5b4e5d80ed6cd2fd20ae4f1ca4972c89_JaffaCakes118.html
Size

35KB
MD5

5b4e5d80ed6cd2fd20ae4f1ca4972c89
SHA1

66406045f44080a37ce34651741df010e69463ca
SHA256

9206ad5d9f57f13737cef9c350d803fc8f7fe27af117b5491bf38485e0790cb8
SHA512

f55816c96f330d90bb8c49489f10b7c24c711b18d8c990c5c043dd733b64dabb3dfb75d234faf5ebbbdde40d42454f490f9ae031ba16e49d4c6b2e46483a22a6
SSDEEP

384:0F8Z+WQv7msN7jU8HlSMGKjMHbT9Sc4DeL/hc4DeL/q:u8F2CsN7Ljc4DQc4Dz

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "427542231"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 6022aee4bbd9da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0E4F15C1-45AF-11EF-93D0-F6C828CC4EA3} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000043174f1aa2314a47aa677ebd5ad1f6c700000000020000000000106600000001000020000000f26a61ec016121db3b6dbe5d93da3b0f510335affd0601986165ed4534f1e123000000000e80000000020000200000005c1c36874435cda1e855ac9b33a96e10d1d6da25768fc5c27380a229a88295a1900000003a6a7ef3fc1083182a80bfbbcc1b9aba8e2194b4fa3b0274427615978c2800d2fd6b8fd4560b5a01ce8736db5ca84a222b5e73fb0bc0273239091707f5ad65fda74ff472323ba5b068c5290f8afbd0d0a7549a18a771a70d71d7e2dfb34ff1d5e2ee982d126779e060b51547a9928c640c34a5f8ee7525fbe31bbb663bf0c37b07c9cab6205b2f6ed7ecd06d05a179c9400000005316ff2635bb11746b6183a7dbf8711ff1cf70195566c28cf28fb9bc7f00e785cea7c643dced330c17645bb2287c27f5fbe12c88031f55768d832a9fd6c57207	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000043174f1aa2314a47aa677ebd5ad1f6c700000000020000000000106600000001000020000000e03bca7cda4760daf9fe6114966241073678b05202ecff3a4755392bf1e3589f000000000e800000000200002000000087df203bd0970505828133d3eae0d325be33e4dfd1a50334559628b7d9fcbe5920000000dbffa45394deeaedfe270916b6460fc3bbc6a0947a99429f72fe579c6c1c2ebe40000000eed6a4f822ca327ee50df3129d8f750ab65a784e745fbd1b7b59b9eeff5722e2a09ac7929d24211ac4694929348812be61bc8c7096e0d693c628b247b2577c2f	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2532	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2532	iexplore.exe
2532	iexplore.exe
2988	IEXPLORE.EXE
2988	IEXPLORE.EXE
2988	IEXPLORE.EXE
2988	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2532 wrote to memory of 2988	2532	iexplore.exe	30
PID 2532 wrote to memory of 2988	2532	iexplore.exe	30
PID 2532 wrote to memory of 2988	2532	iexplore.exe	30
PID 2532 wrote to memory of 2988	2532	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\5b4e5d80ed6cd2fd20ae4f1ca4972c89_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2532
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2532 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2988

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0a3414f5c4c41707194b6a3dd54ddd99

SHA1
56cc4e476b27e6f826a9f899b2f8c36a330181b4

SHA256
ca9583d1a775e5f5a82fee295fe5a853365ad23b77996e7ce0c65953b7c2c263

SHA512
e3ab8b6199c119f0f0d951d4703f2af0b5b72cd2b7c56ade7e85e4d0db2d2a21fc4abd453a08c66888a6f4ce7dcc44428268d7ab72b8546eb54b9815cb3ecd83

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c7c611ba48c1c82d85a6c28cbc41ae52

SHA1
b7b8fe0b819109c17d4717f579df2e1668e200d2

SHA256
621c510eb16cd11174328cc469bdb4dfda2cfc229aaa24f6e3da1643e615c10a

SHA512
bb8f6b0c2efc1a4d34ecf16aaae89c2f2488e66218206d4aa69a3e9b6172c0ce6f593be98112564d18bad2158810633720d155cbfce2dc81e354e32652b22b42

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5a05fb3352149c6ae7238a54ff8cb33d

SHA1
1883402885dc29f77b3592b1119638ae6d04e933

SHA256
c45df8d6d13c67d950f22ebf4c6e6f7e7eedf5509c784c94246511ab5cf0e76e

SHA512
da08f353180c6c314e10e2b44ff742b4d9e6e078c4e10e2db3c747a8140d168a7e936f5518111e1195b5b12b89dafcbb1fec52f3813c44fce6c74fd99aab21fb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c37b934534ee7d9bc31c1ae4dbdccbe4

SHA1
45c11f85464c0c5e44c6e765fc37c71a5193d01f

SHA256
be73b1c38e08baf506e29a0914eb10580cfddebcd86fec7b96ba5b01e2c2eda4

SHA512
e07b0a4ec915e7dce6ca7d3da304d844de9a13670c317f58b114cca39d496ed8a948d7c05a76176c0b841380874677aa76ac87f7a474806ccea077d81d6d0581

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8046cff5083310012b3e46fa119a9eb1

SHA1
dca77955e7222923e54198ac8360f73ebdc8e926

SHA256
ba10bb8b093ce620a81a5163a4f6618de6a679ac77b9ec0c235eb8f3df4ca8df

SHA512
d7c952f222b7722d978838f8b71a7cd1a426ada41c86fc265c16a65dc2c62a71f6c550a712f7af0eb8dfca997014d476f23b37fa0d59ad2975ceb46b6539a2b3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
627629e13eacdfc18245d03641a7fccc

SHA1
7185d92684155c39dae0d91689bdbf812ce7e1b0

SHA256
1cd0d5db950d4256305c8757dd3b5d1bb7970591d98cb64a86595713fa95bf50

SHA512
ba249dc64b23f412ab4a7c037e73330c3f20f2fbfbb52fece8cea3fbe8fdb0cde87c99171b002f6facfd0d356ea24f6cf7cba256eb7bb4a746b270f208df2e57

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
12c7eb6ada3aa94acd360828d3582076

SHA1
9b62abcddbdf4273a17ab04c390235e7d4e1642c

SHA256
14288ac6aef960314a834dada701236fbdddf10bec931740c0b3e8996503e69c

SHA512
39e8341da176fcb889424d076f4d5392d90477385fa70e7a10339a87a7d1de8d72b2ccd8914898b29f773b9c2ea5f37303e60f0530797b629ac0b98d4c3f0aa9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fbe63da125eb9aa510e7abe6c4918e29

SHA1
ec7e8ec67dd38fac66ef6bc0b503a4b41721d2c4

SHA256
31552ed5d67cb6ef55fc8b94cf8bcbd8ebcdfdfa59e8d48c3ebdb231691b200d

SHA512
50bf06f8e6e2d83fb250c13da7b008a166c86686ea1e967dbcc75169a31057d35a917e311ebf1d9cf98e89658af4d106a880044f964671f2c0eb09e882a048bd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6ea345deb67779800cfb8c8f6076a251

SHA1
67c1edbc20c20bb22bb52b12421dced7afb346b5

SHA256
4107868e5e219f879bc8865423eccb8eed075487f655753510f1fd8b58c3e403

SHA512
0aa58db0bf4b291f1c8e55ca92928a6cc490fdf062737c5b95699d38431cd88b55d36dc09e2277c75c37905c354c76f7b5789ad32df254cb922ff13c2c76ae2a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fc7e299087a3de7b6aff50523c941cef

SHA1
6012fea19517496b5de92b9fe8d61d33365ea09b

SHA256
e8334105069f2166d33f5494b031eeca8ecd5c1438687dcefa87089293f9eb88

SHA512
73203b2e5a0985f72e957d75e8af9886d5194fa3264e6bf6954970f661595a69427811c7d70c7b789fe3527d942274eeab4b6b58b6535eeb534a5ef4dea61b57

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
47a8cdfde21aedc4210e6f626ff29c31

SHA1
31e466300fc55139addec8bc818e51cc2d8434f6

SHA256
4b50306eb7fa04c7a1872353c9fb22b0899ebfee08032cd8f72a7bdea8b09fa3

SHA512
43dd20ffb3c16da5ebe09dfe4d24a45a6909c14195b156aae87e793f83eae538e2da2f5bd212cc31a7b4a9cceae5a319f6c22b57540b391ee3c9504201d2a0d8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
33fb15e23a655e1f1884c49eda40cfa1

SHA1
c5767dd0ac36caf3134b603dff8f1ac269abd615

SHA256
8dedded310395c99b347b7e65a430ccce56284a4d65b7f3154ee306b361d94e6

SHA512
b2e04155dd14c8b122ac30fd0e3e474309764ef706ce9546cc78f8b790392d54a8913cdf1c2a65da29a2f5323c0c060e6859fcddd244d9c0feb29bbc8fb38b38

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
73e7562cd4c344e8a0785b8b3d7dfa2d

SHA1
d65d5af40a08d42be54451e6bc910b9922af9b7a

SHA256
d9d1b5a4117391a3fcc55648880f10df33e1dbf57300df3ecee7dd74ed8cf6f7

SHA512
2ce64edf773b1b834f24735d8c269b0e2f697ededb0d1f27ae135ab8001caebf9e809511b6836d19b53677483295a261d59950da74b76893e55c61151ec81028

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b9d569b9c541d0aa1ea509d47fa55601

SHA1
ef90b5c9ffd99aa7ec284c12fbce82a0908da8f6

SHA256
1409f786d77c6eee8f5f99b4a5d2691b909afd4aa8a98306275734de467d2639

SHA512
e9d9c09b5c9cbf6fc45a356c2350d109cb212f8c6f7f951e11840c1bbf005189ad98ee42169a6c4c35bb6bd543411c1ade4fbee27f2d63dc0c16e4fbc35bcb7c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e61501ab5984bb4b4a5f784bbf4227a0

SHA1
0b156c218b3f17aa871568a5612c299571ca915a

SHA256
de7ec6702418c126e80c0a09a03d042d98cff07a3451000bd085a71f641ef5e9

SHA512
dc49f5c70340f0942002f9f066256241cce648e56227047eb07385742be62648b5956ca12b3f4f4d3ef9c28f6911a73f3e557e816e3d0d57486b53a9f6a37cba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b6a6a0440cbe53e443c6446caa6136d3

SHA1
848684b52eab9168c92060ef1f3e736b61bf75aa

SHA256
4da90da82e18c5bbf86df337c60918a85f2603587798aa696c65a215eccf1495

SHA512
714b19e3a62420e908887fc7caadc5429f58bb0a2bf3d93c67b27f4bf5828cf32c2a18602ed43afa9d263a730a7cd020fa647bf350e37b6708f832c01bee28f4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4216fa520c7ecdcd21413c686dba93f5

SHA1
af41e72947687861321c80e2320206fc214cbcac

SHA256
a0635eb8bc68c6e06c06bf2be96a491ca6dee1f7fc0f8a4450f46fe9aac6bd4e

SHA512
706cbf81577d6957da05e9b6fa02dba89a1b39b9d2a5f11525d58e1221835e934afc7c4b0f6e84e96e25a89c6d8612ea2d132e46b9d15c2bf75387e7446372a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabD136.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarD1E5.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit