f3f11214b9c8490931d56e403c0ceaa9dc0aea7016fe7c84f92b3953904c6202

Analysis

max time kernel
119s
max time network
128s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
22/07/2024, 22:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

650e6befdd675916eec77925366d988f_JaffaCakes118.html
Size

7KB
MD5

650e6befdd675916eec77925366d988f
SHA1

61a82437d4825092cde24c37cd41ffbbc10a52ed
SHA256

f3f11214b9c8490931d56e403c0ceaa9dc0aea7016fe7c84f92b3953904c6202
SHA512

7b67740e1fb3514d37b2cbfe1b8e8eef4e69183ebfbe8104b15ec53c5429571ddff75beba4de831a382e5495fcfd3412997763774b04519e06228516e3b7ac03
SSDEEP

96:uzVs+ux7P6ELLY1k9o84d12ef7CSTUBzfiZcEZ7ru7f:csz7yEAYS/hb76f

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a3d5a058b71c4645a1a6b8b9d2c7fb4700000000020000000000106600000001000020000000360888942b23c5be5be7a9c4a11ca876dfd6992a7c6f38d877bf4af0002d0118000000000e80000000020000200000002351e7db7a141497963987d61b6307d69d80f5f73df84a54cbf5e0f87027ef4a200000004bd5144d53ace3e26d399a3fabb824778221b52ff562456c5634ef3915187b8140000000bd77ba5cc5cdd096bea0578eb3437d980435235fc300a7ce5b8366387c45e53276ddfe3296d478a3ec2c64ca1aa62d28e4f8ec5d7ef281ab84074b11aac9550f	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 9008e7898ddcda01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "427852174"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B346CC71-4880-11EF-9CB4-D238DC34531D} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a3d5a058b71c4645a1a6b8b9d2c7fb4700000000020000000000106600000001000020000000badc7421d9870f0f97b0f422ee8efa13668e14c5e6147db3da3634ecd3c85e7e000000000e8000000002000020000000cacf3dea8153afaaa6c64028b99953856ba694419765e95fbfd93d409be3dd1290000000e6390c6942fc98e5f05957a5f96c6689c10cbdd144a461aa57a1e31661d8e53b11d595282efa4e3e869d9d83182f8754448187d6777bd2e474f5affa8a76584230bc323498b31aff70858b9bfc0e1e48aa50c164cf59d9a616f246127ede48ea59ec26bf26468031110ffe03774216663edacb50d30cc9bf37ee3413a8fd75bf25a7a223cd401588123a01e4e9559bf84000000092a2118659a4e4f06d29dd1a26488c65d6c23bfa5616dc0bf34abccdb674dfafad2c8574af4b98a38c004226d2bb00d2d4ecfb00328837edfd601ce5b77746a0	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2332	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2332	iexplore.exe
2332	iexplore.exe
3032	IEXPLORE.EXE
3032	IEXPLORE.EXE
3032	IEXPLORE.EXE
3032	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2332 wrote to memory of 3032	2332	iexplore.exe	31
PID 2332 wrote to memory of 3032	2332	iexplore.exe	31
PID 2332 wrote to memory of 3032	2332	iexplore.exe	31
PID 2332 wrote to memory of 3032	2332	iexplore.exe	31

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\650e6befdd675916eec77925366d988f_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2332
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2332 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3032

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d9fef18245d0cfb9625dc417fd75f6c7

SHA1
3e68a4c314f720e8db39adcba5319d9730e99dc0

SHA256
c6950135839a09d8a0a62ca2d2a77b3571bfdf00ee0d52342c8bde300efe8b97

SHA512
f5660946ffc8e3a02a15828fb6b5c2cce888e56ca1043cb3bfe0b1d08531ad921a69d2713dd8225a5523dab7253dfd6adfba98397f7d326f44568c2bedb48cb1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5d3734c08aaebc9560b15680ee43d6c8

SHA1
7fc398a1ef6bf0a92192425a741d2b39a7a707a8

SHA256
ebd2cab05fae345cc33d22a6ae278b501b1fd6ae03b66af21ae2698481329759

SHA512
91623c937d8e03fd8bf06ee43ff2624fa363458bc3bb8f4a6679a0d03b8bbf02ef2bb98ee564d58620d4215b85c149eada29b0a261d83c83ebc0e1daf706e3fe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ab90c11cd9f6ee11cf1408a677a21723

SHA1
862b75894fce4b521af9f62e114f2bb12c78ed59

SHA256
1fd39a25e6ede4c41c1a2157339172b6e384fcdbd83643fd01d5aa3438301931

SHA512
04da9d4267adbee808a38a74c022eab0e1229289ae059942a912ed8d1d87af04723091c5f6267440c59a63f7a243d0da7c057aed26042f7ada2f861eaded2f6c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f8b9a7fc104886dc99f9359c37dbb571

SHA1
e03bf1a91f420bf69043c060a54cb5df79999c9c

SHA256
e3a017956076f128ca8778fa86e8af88257be34ea2d197918ddd1eb0ba03444a

SHA512
5a72935e9420431cadff89decf1455086bf375fe4b37ed134a257c171c17fb0d21729902abd1587c427224d6a4bbdf75ec6ca63efccad8d34ca3ddba226d86b3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
be0ce4138133dde814d384465f01ee05

SHA1
6cb32b8a67c953b8f0565dbb11634e7e37a49b5e

SHA256
f3f0625e35f1b3792dc2768749425551adeafd14ead1798fa25136a89556cf54

SHA512
5f237fda3b9fe98364542d0e17fd54b7b9301027ccfd9779b42a1bff435765949b4a43baaec78a30b11ce083baac1612709d5728f4108b0fe6d05bbad61890c3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
44d499c5fdfd3545fea5e14252e32a4a

SHA1
5346c2c9a1d16101d902c3c4ca00c88e09bf3a43

SHA256
735a696c70344d8b430043f388d08e99f452136660fb9c2054aa3638d70a009d

SHA512
80ce74cd2e99887589a0b128e2ac301885411b2454a1f7143da5da64392cead64dc30e56204238d04fb7185c33c81c4170af8b7634f3b8c95bd9d9a85d5c409b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1075081a04a2262ff31eb84904bc415b

SHA1
8348275e8e8f413368abf7de36f03195d519c49e

SHA256
242192892046d7dbad9a8fd4436393bc9119504589b2cc55e828de58f635beae

SHA512
d84706030e070b8adda979940529c23d0767ca25381ffc5f1b1b45edb4011109f151954e7ec1426d59c91ead425e3e9049293032ccf8ecb747ea4cdcb9d7fb2c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c2bcbf842fd1f4a25e6da329eadc35e0

SHA1
ebae1090f54929fd9daede64ebd7c9991270475e

SHA256
6f42b544e0b663e28a3ee5469b88c9c43fdc8fc15dd7d218df5212a7ba046a0c

SHA512
24ca003217df881d2c744d5729c78bc1843af260ff6f72c8efe365651e2ea2c92b43bca2e2b1b6cbe2e6762b3914c1430f8766e76fc00fd72980e6a090314329

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b255a3d6fb4565b49b56e6eeb7b6db90

SHA1
77b99558e132bc1a2a6b734ef71011bc795f0af9

SHA256
33da3481f425e7a03e031a9b1e5c27c0491506c5834fe61acb87162031ad49f5

SHA512
0846ef08f218789aea9c017e3ae8a3da83748269828441b980624d31e50744de00236731553c91e4b1404ba7f5c42e600df5417e2a7824e7042944d9e1857005

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7979431b6cb7b1d15fa6af18abaccaac

SHA1
d4985aedebe1e423cc21843bc844f0f937ab41c0

SHA256
d4bb7e7f06ae8dd36c3b81d220fc00ef22d46060f73226087de698edcbb0dbff

SHA512
3d2b633f0b2bdfa95a02f68e33efea641e38197744e3bbb11b786bc26d54e3a791c300b32337deb80e6fd410c39592086050c489c2e4165457be628f11b31b20

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
404894e17785b0afb8946271a1efb803

SHA1
46b70f509356fdeec69fb2733df3d1b6efca8cbc

SHA256
e807fc085ddd6dab1db6141248a2b79fdac6d8f02338a9e0840b7276a8c16489

SHA512
876544cc01ea966429e89976df96c428af3255cb93d5c66d238c96a840b58abfee493d7f10ce4b81375bef87bb509cceed8e37823462f0af3250bdbaaa1cee16

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9371d978356f13327d33945806d19c07

SHA1
3f78ecac3dc3efcb8ab6d15ed3725cbf9219ce35

SHA256
0a33bfc85ee631abf052d4aae5e1eeac47b2ebaca908a41015f04017f5cfce87

SHA512
2342214f280566d14e63fa7a759030674915069dd796e8a50e0bdec50c9127962f96316f7b795dd63dbc210603a627ec08d44827643b5a9e0004c54bdee85c34

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5822e8b15fa1e9b76b73dcdabf2c59dc

SHA1
dc8729a4f9935517d2e6cf4faf8d15ec0de89051

SHA256
ebc3ed77d34b1401cc0010d4bedea01ee0642bd8df1f065fa65e136bf4d32052

SHA512
e7d68b9536452fb866943f7fd2d7875139a97d7e47e3f957c6b36b8e39a2c20ba3ae45bba8de1b7ff0989b577199433f54aef9eaf23ce9def24a32c26e4ccc0b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4b4d1ee0f79257c809fb1974368876dd

SHA1
ac9682228afdc9716ee065ae1362d8787bdf203d

SHA256
2f9670d0aec0875e6e4c811602fb5554b4fd5871b7621926708731d3adf1fd9d

SHA512
d0af77fd38e38091cd8d9a6f0a96c6ec34162c6aa6efcc640c62cfbcd836023adbb6984fa1e8dd72b38ba07fa4d7912a99403086b5910bcade4ed1fbecd2f6e1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fc67abdf300739d5f4d93445aeb812d4

SHA1
bb276a085fd4ef8bd3521b5ac265453863972850

SHA256
dc2e9e002f4259748f5660fba8004e857d15cf4c2db8815c4bb0a8bc01cd45f3

SHA512
ddf651e62620063a7d01f4259e99197c5eba1cf2690739336f0e0ef72177a7fd453eda9f180b0f1bc8a9a1a93545c5c7b1a7730e091b0e122daab32abb7cfeb8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1789.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1828.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit