f0d9b22632f49e38c9debdf7e73981e019e2582dfff0e7894176c461753d1a72

Analysis

max time kernel
117s
max time network
130s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
19-07-2024 20:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5da1741c92e6c14b71987bef2584fd8d_JaffaCakes118.html
Size

148B
MD5

5da1741c92e6c14b71987bef2584fd8d
SHA1

f563e4e66c2eac6feb52e802438689c34bb8b719
SHA256

f0d9b22632f49e38c9debdf7e73981e019e2582dfff0e7894176c461753d1a72
SHA512

a961a9762230a6574c0c36558c4cdbf37bbc8fbe1d690999cfe486ec7ad638db21dc7e59e385d337af26b8fd0d841a5c6bda0a827ba07de15ebbabb7e720fcd3

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002f8e41e3384fa749ac47329e409d99090000000002000000000010660000000100002000000076dd5182f9a6632244a81f493a79984748c76f680cad5aeb333fbbc186482de2000000000e8000000002000020000000b8d0a6e4f29d8eb485f7620bbc4020ec6f1e509b75a7cd716bacae3dbcf0ca722000000076517326d19f66c62d8b0dbc59421a69ce1636db3afe1a263aa1e8973f086591400000006bd250288278c7eb209f0560e86d4b0521c69b860a24599245906ec51a8988dfd04e3ab8f03db4b7a63cdc579c0cea20f721b6ad5bffe55c45b09565b7a11dcf	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 304fc72a1edada01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{51D8ECF1-4611-11EF-B5D6-E21FB89EE600} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002f8e41e3384fa749ac47329e409d990900000000020000000000106600000001000020000000171ab69399a344593fb8c68a6f61bb3c54b3be14a224d86dc1007a19de4d0ab3000000000e800000000200002000000063b2b58d42358b20e578740d8458c98b419cd0c890e35c6c9e119696a7c23374900000009b870fddaae7f3b07797420f1241e0c009ccc489bb7a80b1725212410a7c9654395e6215461733cc3471076158bca6af1126d6559bc9f4957b9490707c868a52d026793271123a7adb6b4426cd7229782a5d8aec756d9aa885c0672e6040074f2b0c99d09ad5311065994f081ae8f42c4dbed87cbddd283e166929b58c0bac4e170d323b5bac702edb80c4abbf262e0040000000c7abe094a6ef25e3ba7734e2c43a30b939021de0c16fd535b2f5898fea1d216491b5120be1b3621f057491eecb62a98ae827c57e674bdfcdf0c7cec54e6f8273	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "427584437"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2708	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2708	iexplore.exe
2708	iexplore.exe
2556	IEXPLORE.EXE
2556	IEXPLORE.EXE
2556	IEXPLORE.EXE
2556	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2708 wrote to memory of 2556	2708	iexplore.exe	30
PID 2708 wrote to memory of 2556	2708	iexplore.exe	30
PID 2708 wrote to memory of 2556	2708	iexplore.exe	30
PID 2708 wrote to memory of 2556	2708	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\5da1741c92e6c14b71987bef2584fd8d_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2708
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2708 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2556

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9d783aa64a8049a476a8c46d3b45dc7c

SHA1
0496ab578b9d3d58631081f67057cda172725926

SHA256
32a20cd0ba9da6322ce14baa5631858aefed04c92ecaaeb3015cba3cf92b45ac

SHA512
469d23b812da6957d063b8438ff934cb383bf73c0759f17cea611eac8880798b7c7e0305e571315db5ad1e30ffb38a039a018b10a47ec6179cf2d31cea78f594

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cab033353df57e9f27c8b79c8c4ffa64

SHA1
0d10ae80de81df7643e6cdfe8556c0533c5b8560

SHA256
9fbb3fedf06c3e6961027e7115f3cdd333d50dadd359ba9ac74064fcb257124c

SHA512
cc08389f176a579f7103d770dd3d242321aa0adf0ad41148edaf32ff8060200835050b041dbedb866df1b8686c6eb9dcedf8735a82fa60f63278a39385797d76

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0372704d6aa2aee361f490f6ab7da8a2

SHA1
c16d4ca9d1d9fa09c505598bde445acfbda4542b

SHA256
ba1fe70c3f4dcad08d89ca9f2c587f875a723e6189d7729c9e61d285afb45d51

SHA512
772e510c62c12d57a6781c40fe96d8c72f4a180f31734dfab01331d0803276f9b971cd8bd2112ee7d6e420e9fda97834282ad522205c4a7fcd88bea912b25498

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e6146f0690fb329b13fed3ab6aa4bd49

SHA1
3fa37793c1ea0dd3ee64e54bc494275bbb13f752

SHA256
372618fb52e7ba745bf6c68c895ffb9566739c747f26e0faf501a1fba10fc028

SHA512
d4a6d2e6712b0cf97abcb2b94cd653d63a3207f5671226239512b93566fd0bd5333e2876e2d8601ac765c986e6443b3ab3c8c56355504e42347c5a95ea225dda

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ef519d5882acabff52993da917cebe9a

SHA1
2949a8ea8ddf685c9f73d465d1585931bd06ecc3

SHA256
6560bced830453f7a11e89b4f314b529bdb4799704e047b19c9d8671bf5c946e

SHA512
2f0f6542347a8f835e942b59482860d69f33d01b859f24eb9d32863b956009e96f861a9407ac320a5b30b7371906dc4843fcc6ad3aba75b7214bdbabd42aa067

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c53b9526e60205ec6430e421f9d34f7b

SHA1
1878655020e504c06aa4e57a0c83f1a251cfac00

SHA256
3e6ffac492f8b94aebb8460b15fa2a213043b525e6c374ea67c89f721fedebdd

SHA512
e5c11bdf0bc5d024432312e462648c850ac5040afbe55b91fb8020749afd8b57ae461d51621d4589946375792378df4c931f649c849339c6b21cf80b346e8e5f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
160f60a51f27856023b1a2d255761082

SHA1
0d6e2a22bd6e2bf7c99ad4db0cfba75aa8f3e1c1

SHA256
9d29c8f17aaab2e235ce4df5fd08568f32e2ce8b56f4d1753eaa756456d50662

SHA512
361e3997fb61e750b519a54403acc1f0077e7e698d245e14c792dd5cd558b37dd26d3536319ed2654d3b2e7528ca9d9936a5e7915dc8766a77295f533bccf1d8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d5ed227feba6783c9981ebd73f7a4477

SHA1
66d8c6256be9aa2577c1a783edb02d4456c55596

SHA256
4014e77a2109c7bec78560ca5e911c1a08b59eb33851c3f7d14d3989430342a2

SHA512
02feafdcd469923f201df5ef048f5bbac0874a9a30a22dd531d1a5475268cae98d4f445650c3afe65ffd5a92c5a9ff15303312f5a9af128b362a3afb7772b017

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
502beed2f452ba6e3c5a257027be0db6

SHA1
772220feef74482ffe2d566df429b3904e2313f0

SHA256
d265d1c08fed8d885785f7ae6915a7dcc06894abfe2619acb787d393d45d5e44

SHA512
fa79718921d3208ccbe539486bb4b161bdfdf7c48183c3e3cf76d430031d5d890c6ac0d9f1918cb16510add3d13786c5b3a44a51c5228d8b0e4f01a9671e1031

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
85c838641ccaa7cd97b27e63f9d46332

SHA1
d85112e4dc12ed60654f4e5916dc17c1003d6ce8

SHA256
4a1d83d022c3a07731d1881fdc7dd8a19fd4b3f1183a3fd72918d1521f7c09ff

SHA512
1931897e6ba58def684470b9fb2acfc01f3ce577b0f3e2e714b4e94c4aa6d88b6d4d6a79635c76125866a8cc6b2011894f6ca0a68188bec186f5e893eab837c6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7b196367a9be9cd85c5fab30a7f87ed6

SHA1
330e91fb62b7b5de6e13b9309389494308746bb6

SHA256
c436888cbccf8f5996f571538748dcde5acc71a6dbbacebaec6f11f19ef308ad

SHA512
d0e3aae8d54b64e0328b1dc5889bb277e7af87b3d80ff75135b788a0b58c4c1bdfe9116396722a0233946f7bb79c0cad1d936b2779bbe4067125b59a11ca2b89

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0ed26d09300c7eafb02e51418fce9e78

SHA1
895796232a5c47eb5aaaf9c98004cb6b96ebc07e

SHA256
f969d95b7dabf7320f6e680dafb1d0f7a52efab4ed95c3c56a510120f1f645e9

SHA512
769ece6142df73e0e07fc367344527067fce31b153c0cf22f9f87510136a851a15e4de00f9ad73554d131b3d334499b7e86086fa26c5fc71132525c944830877

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8fbfe198452d8f5bd311ebb3f98ec09b

SHA1
1b8a093d12a642535e0f9810729d48940b850c13

SHA256
97274c258e29bc8deca40635592fbc58625389ef2427c91a32e4487015a6bea3

SHA512
8a7666f9efd40b5c0f438db2865a5b6e4f9ff8133dc1fef64a0226326d10fb0713a9c335f16e52abac7cbcb29a668343717d919cbe7b7347a7047a11d3814671

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
095fc6c69c438c59a29a71eb58afffc7

SHA1
f4e489a0893594662cf4f9b5c6b5960f5cc73564

SHA256
5c8f87521b2cb4dc7992723f0dc57d49b1f14903d97ada83e1b518b61cfc9790

SHA512
1c989a813ad836641fb6521035174d4b2e6a6b59b935629a64b8428a8fbc862addb8e1d4ea336ccbcd36a634f3b86585c0e1493ec8d53bfb08c7b3b7efe5100d

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabF0E7.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarF138.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit