2f458e8babadd8425764f75967b7ed0007ba7552617254bb6e68b411fdc75689

Analysis

max time kernel
122s
max time network
151s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
20/07/2024, 00:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5e4e6ef5106db0bd72553c5bcf9137f5_JaffaCakes118.html
Size

22KB
MD5

5e4e6ef5106db0bd72553c5bcf9137f5
SHA1

0c97771eaa77939db5c6e5594f01ea1160c23e54
SHA256

2f458e8babadd8425764f75967b7ed0007ba7552617254bb6e68b411fdc75689
SHA512

d8880b40874f406ef10797c92ff00ccdd78524fe2b4ce01a1533f492a88ea6fbaa4110490f99857c41f6924248bced3ff5e4c0411f4c6d2baf9cc3a104e7ee96
SSDEEP

384:Wu6gKfo0lN2g/GqKcIOfZG4ITHnBgRAa1BJFhvhWCBL/7nAZcRzttSb4FviFJa8L:mlR/GAE4NFviFlL

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bb7c5835718279428690b074aa627b7000000000020000000000106600000001000020000000bd8cec3e87bee900e77d8829f8b33a9499f34ad46822e6bfe36f34276a493633000000000e800000000200002000000091b3fbb0407037aa28a155a96d4ae8a14fe3ed753cef3d4c984624ad03727c3c20000000aa19c0d4c2644a7c2db23e53273d14b526b0cb641e2fb5ea4fecf14d26e7d16140000000825157cc60ac9fe63b189c01c3734b29fa315d1aeebe03ff9e4c4fb77424d2969a2e8893907376a1ebee207098b3d4046c28b603b9ffae85d43e2fac6f8406b8	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bb7c5835718279428690b074aa627b7000000000020000000000106600000001000020000000b741cc1c4954e3b32496763080b8a87e1b86df5d13df413d7618c15a8a743b62000000000e80000000020000200000002fc331792d5c7ba600044531f257a531c49d9a7681041b68e7ec98cb851eed3590000000746fae30b97efbef009782b54ce114663fd663f7bdefe0f74f767a926499f76effe8145abb29164bb8e53bea3d9e6669f58f9c8f4eb82c906317eabd45e07d824b5b86e0f6ef1e60a3341124e517fc561d35cc55f68801210536344ac56193af1415783a4a677f7560255136e8248b6bc8fb17507e085fd336fca4e74b27e7ebbb1c93e502e093256b82449e8433e673400000008ae4c4d6f8a564401de1de07d2fcff92f80dae4daf52d5adc9852d4d2d24e4b424719494c3e4f281bb7a093cbc1a0aab5f3143cfbb9d2547936e173aba3ef3be	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2F79AD31-462E-11EF-80D8-CEBD2182E735} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a065e5363bdada01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "427596834"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2288	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2288	iexplore.exe
2288	iexplore.exe
1800	IEXPLORE.EXE
1800	IEXPLORE.EXE
1800	IEXPLORE.EXE
1800	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2288 wrote to memory of 1800	2288	iexplore.exe	30
PID 2288 wrote to memory of 1800	2288	iexplore.exe	30
PID 2288 wrote to memory of 1800	2288	iexplore.exe	30
PID 2288 wrote to memory of 1800	2288	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\5e4e6ef5106db0bd72553c5bcf9137f5_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2288
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2288 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1800

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3fb7daab9a913fe6a7fd849306b1fb4b

SHA1
0bd3d4be389d8164bb87eb3a905a0c5546604b43

SHA256
a5f3dec898a6540bcb6c3b4852f8803f4fec4815e8a93120ce931dd38671eccc

SHA512
1305d400b5c5b25274a662705700b3d9fab4d5f63a7debfe40fa785122eab294a42cb8ab50243138940128a3b0191576d3d8b6e6b7be7f5a49dbdcc0c88885f5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
49865b8fe0a79a564692543a0c5c27e2

SHA1
0e8d7c3969c8522140e57da9975e17977fc5b361

SHA256
611c0a0f3e1caafeb0bd01700d12de70bdfd7c9da68d5a4e897ffcbd4e0d0a31

SHA512
5b3156cb9caa234f85a77c1565333072aa679e13ae95f44a3b2ae2738f5ffc63ea0c0f350a6700ef462d1b3ec6bc56f7bc4924546401a8d30e29e0a2e6ed68aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9e3d848af674bcfd9a5db89941ef9068

SHA1
c4cb0a6d521b725c485b022e889c970567bbfd87

SHA256
9f6de9235a686b4cf13697ed7e27f901cbeba44f649c712f4776a1129d98acb7

SHA512
ef1ded62deaa3220b43b83a59ddf5cec8bd16c3a2ffd03591e5465642b32fb2050801ec7069ce574dba05baca5c727cbd3b924a37575e25a70eb45cd1eb3fd9c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d86fc3e31ee2ff0e4f43a62ff8332692

SHA1
c9b93a523c2cc0750a6124eb14e7452dd02a6a9a

SHA256
c185ae54b14597a27f7d90fbc9e94f6c703ffff396194cb59d37741dbea7162e

SHA512
6ab139622cf0426ca4e4fb82777d922e80535d88452d1635aa7ed6434225de67112d1fd1ff7bbde18f89a5325b0559c94790889dd0d7900a49bcb6a148df3c84

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d4b3664379a439bcf5aea8c2b2fe131e

SHA1
d8cd92ae2e407121f8efef09485511e6c282eb53

SHA256
09672275c23efeb50b560d8d83313123a2081264d065336d03eb3758a1655ab7

SHA512
71aa8731be1c9bb8631fdc6211a4f6c4541349763b8100841bce86de2bde18480dff36d1cdc14b9dc317e57a73ac6c9be6ea10459cd99ef853caadaf5290e818

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
16ea24ac2d2da73574d5ebc72027bf50

SHA1
be0e4da912c5917a7e8b8d54788a2c01395fdbfa

SHA256
6b032730d0ddfa2c8634a8726f027f27b507cc086c82d0c0e84a8266f3ee0fde

SHA512
42a93888c843ed4e123c40f36f849001270c6e14a4d4e39d2341c3730db354260691fa0e41d09fcb302cfa4234368eb7a6ee111c67cec7a6c4ee7af94d1bc906

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ff9b39ed4ca2841ae7ced5ffbe988f84

SHA1
8468044d1049b38a132dfca82fb045dda222f402

SHA256
89ea26e0686ab2207fe7a675b04b0d7af904ba0d906b0302f12ee7ba0a07049a

SHA512
da3c699ce16719764cc72d83aa69484c6616719cdf0b834c1a01893c28d40b125e9813e8f91a5c5585f67d709509117d329d597a7f26fea521ab9491bdd3f57c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1cb3ad11c3a08b7ccefe15aa545dd375

SHA1
6235569f2852b2ba5f7fa4b5981d5a0c068fe259

SHA256
a96c6c792f2f28255130c071233889bb05b078b4781530216581eebbae00bb31

SHA512
58e7dfe5cece7728f762015cffc538d78c854ec314e4e9e99052d249d3fd90d9614af682eb376439886edc7761e102121f41d51be188470a41b6723aa9c39863

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b1fe7bc8a1444b2dea73a4dc96accb96

SHA1
062d340ed0ae7f799002a9a7516d6fbc2292d4bc

SHA256
39aeaeeaf597c71243f7166124815c61948a404838642eb392da7e09c92f4db2

SHA512
c515d6e25b0208ca25cd073ada9e590ea6dbb7157752a4f827dc9bdf3025ec56244a69b60b6d0db228e2456801fba92a40940cf5ca4a2ab513f5a9575d4ed818

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fa0249942584af7a360ca9632e062354

SHA1
642801ce63c972df3763fa0f6e30a5981ccb88bb

SHA256
58116008db884abba2cf4766eb0b7ecf3b21cffb5b4abd2e6ecc3ec41ea9d46a

SHA512
1265fe3dc3585e6b01a2feb8cbb1aab82d4e337e648fce7a7376650e4a096e4fe5da316a03a94f86fe9a14bf4bc5f46cbad2254a018061eaffe9c2d394b2fe28

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cac0b21b9d4cd717bc252b22b454b2ab

SHA1
f1ded5d776070b82707deaabe066069047101f2a

SHA256
c381be8592e3eaff6ce66b76e95da629734a70de4817a0a9063ea19231881584

SHA512
301a0f073e662e4ddd2a8b69b95dedfa899a459bfcefa97b378909ae65ebc26a4f0d20026a611ff972fc85ac011d634ecf0a40f3ded7965f269b9b9aa2e7fb90

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cedcfc292dac1eff7d54fe3ed7f7869a

SHA1
7dd9a52eff5f98ed76a04ff063e8c1442ae0c6c9

SHA256
ce532802719e7955b44b14a6d8c865eae66dd6c07e5b13f3913c1037875c0967

SHA512
9dc6e10bf3b719c2af9520eebeff6730918b53ab1a940215a0dc1014199d7d374a328043a8663743a0b994a639e1056c20e82894c04cd37c583554fa46dfce97

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0281886906786518695de94789366761

SHA1
8afe72542110d49c8adc28ea9924a70d88108493

SHA256
77ff259424094b0750aae4ac8c7ce963ff04f245fa5f28b311fc4e87f9d66fee

SHA512
3b804779dd7f5fb408d9f93b30c7fe2c13773b82a1257be6edeb665e052e12882e4d831669d44634be3ceaac8b4df12c9d67de2129fb4dc6d9eb5a4f1c0ef265

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e35c4e642cf8fe3fc422e8185d32a600

SHA1
68b30b32584cadeaf87786ee476c9f3aa2b875b5

SHA256
ca4c88995176bd1c34da4a2a7111f2b28b3a2bbb3b3b084f3adb2ed350259312

SHA512
6fc69f354c318c9128ae11f569bc7f2095ca4618c341671e38b0a95a5909edb240e1773d70c89e7fc4aee296119f96ca95a9358132ca041521a5c8237e60cb6a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dbcfb922d1d4a65ea0ef99c4e37e82d2

SHA1
be5ffc81f8e8348f0100989cc859c3e3a91c6c18

SHA256
671ccb907b2f9d4535f76e3177774b66c1129f7db37f3a243981f42fc52dbd36

SHA512
bbfcf494b161fb3ce374b62066400a83e6a7b5f7873a079efe1a01f3b6d249291d8b00e2941b2d9cb52685bd0673e284c4ab44374a713c7b80f3a7600b507fa0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1D43.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1D42.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit