0410617fab4e02f9f8fef21171211208ffe3b1ccf93d97ea657f7062f0f15590

Analysis

max time kernel
68s
max time network
133s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
20/07/2024, 01:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5e954cab2883b136d6d88badaf65802f_JaffaCakes118.html
Size

2KB
MD5

5e954cab2883b136d6d88badaf65802f
SHA1

bcb1e37fb9a18adcbf9e6174ceba0f64d4cfa156
SHA256

0410617fab4e02f9f8fef21171211208ffe3b1ccf93d97ea657f7062f0f15590
SHA512

aa3c1e00fc21735760488a25fd6f70bde687ce9975aa812a21c7a32eb78cbfd4d2e2e2ef44388f655a4539fd604427669054e3dc35f9bc50fbe343960060a869

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bb7c5835718279428690b074aa627b70000000000200000000001066000000010000200000007198c843efc7a87bf8e25899a67a198dab37b12ee607bf49cd9f4a89a0b30558000000000e80000000020000200000000a7bd15a944a9176f72f89e8bc5770c4f2108b45c6f05f02bd87dbef7623664d200000000a6f8031104b7f421339c0a278286f973ffea5e0dd9f30599022cad166bf8575400000001d505692910486b12b7adbf3fd3e01d97df15a34b15f62faacec6dedf6f1755efbe52ddc616520b4d50651de550ad0fc7a23ee4f7e8ec1d144af7d6c28729850	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bb7c5835718279428690b074aa627b700000000002000000000010660000000100002000000083b330a9cd787130a234518f0efd88dc3b7d0450a1fee9ca8824b7a7c6a87c10000000000e80000000020000200000008b45c261a41939002ea5ef86d8e5cb54fdec240a4f4098eb150b37359672233990000000847392d90d09202f203c00d66417e14df357bfd58b149609b9d096abe08ac73daea6c144233d95da118d7c0971bff82b9984139b6458995322a11efd9d0613be48d527b13e64b298a108676c76c496cc85073d18a5c43e61728d9f22fb816d8284f4f769d28260bb443a2ed2fc147323a15be78e8a49905a46d356b603eb99c315e47b4eafa0bb27874a170966afb08040000000d45d6c81473b7eec7ded68b6c54b6e2b24a9666b117d68d22fe474361acda96bebbe98e4f3affb5243f7aed48727674d1f3e73ce12cdd6b1d99add9ff6cae8ed	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0a173a647dada01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D19C5611-463A-11EF-B99E-46A49AEEEEC8} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "427602260"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1996	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1996	iexplore.exe
1996	iexplore.exe
1184	IEXPLORE.EXE
1184	IEXPLORE.EXE
1184	IEXPLORE.EXE
1184	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1996 wrote to memory of 1184	1996	iexplore.exe	29
PID 1996 wrote to memory of 1184	1996	iexplore.exe	29
PID 1996 wrote to memory of 1184	1996	iexplore.exe	29
PID 1996 wrote to memory of 1184	1996	iexplore.exe	29

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\5e954cab2883b136d6d88badaf65802f_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1996
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1996 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1184

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8f35c8cb9c0a8bc056d16188308a8a19

SHA1
9fcb8279051cfb0c7e86d9c9051fc6e9eb7ad3ba

SHA256
e8dbc3c78a4855376a90453d11c639f90842e60d5f1f0641998fea5ffd33ebe9

SHA512
db0b46ad51341fbf784da632b01d3ec3b8519d8116b30f4308473b909d96e0b3137527787c084fb312c625977a492b44f6163fe2991f802a1dd4897237084f20

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bbc1a81ae97149602f0679d8e977a2fb

SHA1
20e2ed434c4b6d63d6aec2ec37e8c9f24e6678a4

SHA256
b58466029be1c412207e6774233f44f2711eb66a7433731507a6fb59a90509f6

SHA512
62e5db0b1ecc470b45e355b10dcf93e03da34d8b1c512e4131d97f20403fc72112a7f3c69d89b65380397b478b6b0fbefe802e73626850e1626b4b9843290ed8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
19754f64dbca5867d544a3d7a3b497f7

SHA1
b800d139ad0c1d8ef215edb1c07a9c9909a04ebb

SHA256
76fe96c5cf33e29469966c2ddd12b16ad34572370f99a180d7a68be433340bd8

SHA512
29b025198c50535e3c3fcfed87c58b049e7626ec7faa77c39294813999ff8f42294663f887aca2817aa393a603eb7f76a42a36f237caaf2e59bd52e00a5f7e3c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
11ffe092064ae186bc70c17aa64452ba

SHA1
65819e332a2e0b9fafb7ac6c0998f10fb296b19d

SHA256
2190519cb7d266ed8ab793c4d04819740721e64db9b4e1e5b583edf68d811fda

SHA512
d1dee227fe249a1d8f734cfe4a239944f551e8f71aea147d44a2cf00a0d63469fc7d8ba441a3b07bfad66935a9c45367f9dca765723628fff59fb40fb40e841e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
afdf456d48c7c05e846c05212b5a0f44

SHA1
a6794bf1f5ab7fc2c7ed3278235bf360e433f275

SHA256
7612f92cb46aa79f01a1bb86a8df1a3f63b8644761deeb9b24c51b06b137ffd2

SHA512
6f82545786c17e64097580a416b42902812708999f310da600ecc185304e62132aa7ea10c8917cd886f364bf159215d2ea5855c0c2ffb2d3e6d3bb1b2b479a43

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
39d80836c658d0214b408eea59a26ce7

SHA1
e856cdb578884cc42aceda11d5c1b31628e7d457

SHA256
1054124d8a08012a0622ad0556bf55b8fdd3f5aeb8e8671ea3a41373553b230d

SHA512
1ad1202883951604f926d83c76bf8e0ae3642f44f2e3895af3385798831e324b38dc6e46f7f3adbbc2c349be8f3db138abfae55c1d3b80102b0e2616df1a05d4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f0015953350ba8569fab487ddbb9e9ad

SHA1
00d95f2ab8491fc334f100d7c2324ebd0e0d6b5e

SHA256
9609dc8a98bc57e0bd5b3ac7e049adc626c7eb279abde4de2aeab10ab4c5ef57

SHA512
4d3a949259b3c80239cb612b43df00e2aca4f8fdbae429ecfa3a625377ef4ad4f3bdceee5ae92d5ddbeb406fc90c65ed5e83c2f6cb1a99929b7d635306303d45

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d757d1111174e4aa6d1e9b688397e1e0

SHA1
bb7533fda43288c47a05f2b8f2feabeed45724bb

SHA256
1c58f527febd6fcf3bd6744a5a26788f5b150f540b5a12d52516a01ad9055039

SHA512
b8f98d95adcd659afb034cf1d9993c250ed1ed43c1f0267548c2d7e0ccda3dd38e870c59657dde2a52857ac2a3223a6242ed02c2103562f950e2979702e5fef8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ee638fdf3f5af74af6f4821c9db95100

SHA1
9a1004d0cbddc92f769ae67a7428ce0850f648e8

SHA256
e21b60a16b3507c78fe66a3215d6be2a436f6de1f68e791bc0c038c8af5ef1a6

SHA512
e083b8e41a644562d14d1356ff7cd30a6429e2f0316719ce342afffa72c4708af36cff459642b54072cd98549c91106e8f1fa8022077875d7f057f693de357ca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f43e8abe2a5fbc6f4e49fd7dcd0d8412

SHA1
34056d7203d74bf58495e38df6f44a8ecc19b26b

SHA256
8ddfe5cd89ae2be453da67f30da715822f303d1067c28b61ec1e87d627db46d4

SHA512
efde21f05f6b3d03e2c25eed22857d5445d7f36df8f97f6cfad7d5fac6b9013e1371adeb12b092922dae0cd7c5ca0bec6e76157121857359d8f2ec21d54be3be

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8f4adbf89d2d372257eba6c688196ffb

SHA1
a3f1635f0a511356075e365a61709209f221c9cc

SHA256
09b8f904893f162cf942cfc85c7374764d94d7e27a4e18e809e494a71ccd56f7

SHA512
8586c1f888004179fed88550d7bc766b907055035e0264310a43dcee1898dd3b3d89370d1387cb64b3c3576e8b490d589ab193260b6c8c6d7f2a29709a4ae564

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3041ebaf9ead1f9437d9e43bce33a357

SHA1
c2e5da53d5cdcd6b3b1b1f27319e252cd7c91a85

SHA256
25b3bb3c1babd72fed4cf0ef5eaef52082b0416bc9e0df71c571e9700f621c99

SHA512
481a1b1e0a6d103803eb7da6df1078401bfbb440018ca9a61108bf1eed0c05758beae77ec3a2998b6a6b13ddf1c70c0eab21424aea495c7c43facc6c50100d87

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9d0839c58f3f4cc3972458b51a7ea5ec

SHA1
e41aa734d6bd95d686c0ce0587b232d68884268d

SHA256
9b990345a621a8818c8b16f2393367e0d991c701af5b4eef8364129ecfc29c84

SHA512
93fe910551ea39ecd2ca52d5dcbd7b84bf71d143ef872b7b8055209d3962e3574e8674d53f8997b22cf947678b9cb12e4480d090c5b18b59927142e498230a40

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
19d3007d1dab5053d765c3c1edb8c10d

SHA1
d125ed2ecd6d520835df457293438035f8759884

SHA256
64af082234ee6603c1d7713db94de4d18f899c667b64d8168eb9b3851b8b9a7c

SHA512
80b2fca96dc3d7b798994b367d39f25a184a7b15e876fc8655decc427ec14bf66b1f91249b211672e3c091b83644ef47d2468bebb7d15e14918a9bc39668f74c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
66bb016c1f05572daf1553ce4a5d0dbe

SHA1
60cc70ddddff847e49b9fe5a2a23818931a1fb8c

SHA256
410f64d907175cd05a54251ed0cfdb0325ec478373d0bd7176ae2516fd9eed3d

SHA512
3ed74ea3cc152bbbf26eee9d9c0a72c7804e8b4dc7ccb1d62180f47e0d48a47e481e63e6465cb09256777a9309a5990c219a9b26b64c144ebe13780b8e21d94b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
48f663ca69b40572e9ea0529be5cbe62

SHA1
15791799808a938049f4eea0221c9475519d17bf

SHA256
6a2de6cbfa0e985c6aa80dbd76835153642a492c11b3e1360ddcb244190deee0

SHA512
6e304855769da3ce1c7a8a067073cac8db21e477abc59cb1e889c4ef9299e25daa5b6616d85a4b5670be7a388f6ddf04aab061ef3935f423cc46e55f646cfa03

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
785686c6a3502cee8308ca3bd6335512

SHA1
8df466e0eb9e33a3b826386c14bcbee93b3349c7

SHA256
af7c316b14e178e0859ee5659b558ef985657fa1a15eec192985941a2637fbe4

SHA512
bd3a44d83e9022d524b49824ebe0c817be949035bec10547bfa773e6cde7b0ab8922a743385b49ad486e0f8ee99902281ea42b4ee3e511d50e352f634f764ed6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab41D6.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar41D5.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit