460873cc9719ba19670b1213dd615cd0642cbc02a4348c6342a8277a36110616

Analysis

max time kernel
68s
max time network
134s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
22/07/2024, 08:49

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

6292df87eb1f7d69fd0e0cee31171ec9_JaffaCakes118.html
Size

8KB
MD5

6292df87eb1f7d69fd0e0cee31171ec9
SHA1

b5a5673d27f9c17ac66d179cc62d6e6c58f9a6b5
SHA256

460873cc9719ba19670b1213dd615cd0642cbc02a4348c6342a8277a36110616
SHA512

108a4993e5c70a0d024be29b5f50179865382e8167f2e41c0b36687ac2db06a5ea6365edeade7867265e0dc54b44a90496aaddec926929e1fde3b3bf2d3db6e3
SSDEEP

96:uzVs+ux7U6YtLLY1k9o84d12ef7CSTUrzfIOFu89lyaIsjMiIhO5IUFIDiL1I1xs:csz7U6YtAYS/9OEtthbPPRb76f

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "427800218"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bb7c5835718279428690b074aa627b7000000000020000000000106600000001000020000000b5dbea9e2496597b420154ec326d6c45ff36bf5707205262f8881c3ff038689f000000000e80000000020000200000005b12b6e5a7ae0ae68c00bb229eb4d78b2ad709b865a0d336b57739cb03f1b62620000000cd4052c6f149fe085885a366c73a9a496331bb238af08e6ea697b0d41cc4a73c400000004cd61672c2e77abb5562466fb41c30304c1b324af3806ad86cf1a0dde84689628f0cd6f13b2a706e092863805ee7dc051a3cbba6ac041f263e370ebeb3396c88	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{BA192DF1-4807-11EF-83A8-4E15D54E5731} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bb7c5835718279428690b074aa627b700000000002000000000010660000000100002000000051422124163af17b6d6532104602db48f3a0b60292dae822709b9c4e54e971ff000000000e80000000020000200000000ce3b8a4e1f1ab5bd407c3a4f85c588024befa4df8a051416924f8c59458e02390000000d8426f789fb1502d25b97463a5fb227f7304a7b5bbfa2cef070994f8e7b0924f41389cb0650eab9f3b9b2bc0ed61f6c10ca74d8f7bda08d260d4b9df4f9f20c80620b7aad75b92fad4cf9f0d38a1d2ccf66a0e33bd6d41b9ff2842639a5f66c83b11172d76c7dc41980a90a0e8be036c266b12ea4bd4ca49610d65dbbf3ff62d576d4a2d8d49b8546b7de05f7dbe96e440000000aa4c528ab5a1ffc670e0524bc7564a1a12dfcd868eb173c18aadb1ef8688c72b5a7618220ede97eefb4556094fa90e57f78a2b7ff1801e1444522a8ebac475f7	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 809fba8f14dcda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2800	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2800	iexplore.exe
2800	iexplore.exe
2764	IEXPLORE.EXE
2764	IEXPLORE.EXE
2764	IEXPLORE.EXE
2764	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2800 wrote to memory of 2764	2800	iexplore.exe	30
PID 2800 wrote to memory of 2764	2800	iexplore.exe	30
PID 2800 wrote to memory of 2764	2800	iexplore.exe	30
PID 2800 wrote to memory of 2764	2800	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6292df87eb1f7d69fd0e0cee31171ec9_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2800
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2800 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2764

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e612ebe00662606f08789ecf5801b1c4

SHA1
a91ea73cd1041d28cdc9a62742faf84ae82dfaef

SHA256
2115967fc3e424ed01cc5763623391d533c5d551ce17a77f4df277922092b76e

SHA512
a2678d6298a1f4e0ea2027c8b00c0c11e09b72687e2ebaeab1fbb63e0f167506cd7b208981a5e54a9a8ca2c7b912d6743810832db99efc99f3b11d2503faef73

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a0432946f3d6ab04297aadb7de1833c2

SHA1
48dc2c0c356cf6b82e5cb0396454e4bb2390683f

SHA256
0d27a6bb2bb96cef8dfb45d6601357ae3c5c8cd68ea85e861e03409416226167

SHA512
a9ad5271244e280ceaf7eb24a974db33d5384a5f7ac903f54c455689af2a5c3315c9a64699af50d55d41042bda8179860738cd2d3fd33895636af5a74450b7c4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f950f4ff604cfdbc1f37503a46cd632e

SHA1
c3fa29639b1e4fe723011dc8d0cc1f7c86c18ad5

SHA256
a3ffbaff6ec74bb248590cce0884f45b51a28cf24c459a74a8c5f26057065f5d

SHA512
c294239ec795d401e6ce057355d457290068f97e7cc315ceecf5b8c64bb8f3e91a0f119163afa6814a8d35a28893c98622d2f9171c44fca23b418244f507f9c1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3c1adf1264d13dc9d7b769ee669ab000

SHA1
0ea43b4b41ea6d4468c23d368ff4e8de5f08ba74

SHA256
4fc9de70b3c102eb33132cf31947d767c3f6b2fcbcbd9b4037dcb6c9de912479

SHA512
b6f7c55cddb207d3cbdbd4055fe0b0d737c8a2fd3b79c30c398cb02e61219ddfd22283f66d97e5a55fc11b60dd76b5a7453d1fcf9f6a8ea67df0d84e5c5e8dae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
66602ba77371cc6887b123b7404cbc8f

SHA1
378946d16e1ba7d760c9a14e0a4da42fce011f06

SHA256
3d876bcfdf16b6d7f0d2bb80ea2230449e47318a7af4a050d3e0cd61d1098dd9

SHA512
4192c0f4984be75624da7f1b4fa5ccaf24bf3bc7aaf56496c5301ad43a331f6f3a52f3825ec57fa0b026568669ffa58f01cfe9ca9c91aa30f1d761c222bbfa46

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
02fa7965ad4ec9810f2f98cea29c4030

SHA1
60252b0d2f6cfa34c8811e45e0dac7d18f837686

SHA256
51fc5b2da482ee6efdabdbd2db5f3932e25baa1ff3658789dc970447b8824a6b

SHA512
d698e62ec360c87474eabeb019444dcd154ee7b19da97ef6bbce45545a0d82700061aaf96315b1e8af9e1c05866de51f32eef53455f8ff709a3ae77c2ba629bc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
afe6e3b72e4831555515da95b40a537e

SHA1
1ce285dae224294be718ed247e63ce4a8bf5f5bf

SHA256
ab476eca75ef94b1e982a589a7c2f3026016ca2d220455cd1d3feaa27df21c92

SHA512
c4822bfc879a09b4189a9b660ab23b267b0aef6dc8b4c0cb9a1ab04da5d6d6872a8e07dde0477a7100f7487fcebca4cf5b65019bf516cd8ab32d936311d3af2b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7074110fbc01bec712627cf62da11e1e

SHA1
3082ca304a006a808ca1ce3b8db582786006a992

SHA256
cbf4c2c640810f703616fb8d949052653cb2a37d65392845f9c6729aafb03235

SHA512
2262d0260a009bfd29658604fb518a57afc185ceb0941701088d44ccd2412d99aee795089f90e0ddd4b33244be481aba2690c78fe9789d6d8961e98975828469

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
396f19d211e9e5a7e7ad754a3a5758df

SHA1
8bf6210a9da1d3567dede35f2a5061502a1ad72b

SHA256
480c363a8d4123243ca6864e9256388d6fa83a27a2640447982fbdcd7c82f588

SHA512
2b4a755f1e5cae0431f65b968be97c23543457db7cd99e91bac4c2072991ce9b44e7c235fa11400a347d6628873d575a5b71c46092420b16bfe0578df60d3765

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e65594d28767c382cf19024581dd95b3

SHA1
c25270c8884de14dd62c593047c814eeaaf83ead

SHA256
dcb14cd93156b0a120e8188087cc0a879e2a3d95ad61ccc01aad602f559e55c0

SHA512
79265679bc82296fbf732054a512e491f4875b5ce97cc359e840d9167c906d79b0824d8048b1c68a2f1a6daa88c0709e51894775cc132e1bfe9242bc70f08e43

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
993da3c16994e36fcc106a01dc039dbd

SHA1
9d716a550a977695d97c485e51035b5bf3b18cfd

SHA256
25ce5e267d8f4d533d5410df38211421b2d3d66adb091041d66102cbb91766dc

SHA512
957d247a29717eb58c9c9288389b203413adbdd201a730c4900248689ef66fb11cc11f3ad6a7c898480b7150342afb4910097fe315064d65215a9e185c8373bc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
502de13a2e13d885dea0bf5463cc9a12

SHA1
9c9f0eab99cf8f7b12e360a58e062f51aba2e42a

SHA256
858697713efbb42c86f63c17fe6b719eb93b35e518e4c60562108cac50953b55

SHA512
57764eb55c1120cfc1ac331c3e3f974d2e24a9ec3353829ad716bce2c3543a73718643811ef3c68e6340b710581d9a832d1d813b159c024b098e4b23e9e31158

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bb8ad1c2b98fc03a437094e86d50ba5a

SHA1
b6d3588e3e6265d3dbae568f03b9884cfc3e0b7b

SHA256
a677f3b1316aa827327eaf1dc3b5b886c1526e319867ebcb270e75329ced4af7

SHA512
cbb2aa5d9bf18a1fd25f25c14ff515aedfe363a4e545e50f5286a0eb7462026d4be5a2cd5f6dade974ff6b301b95809ece203303e283c9f6f7c69159341d27a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8dee3ed0d33bd19996910d94382957ff

SHA1
e4484d8bcda508796dd27275b5ef223a7416a39c

SHA256
29edcdb2ce5b09eb824b318121b71e38ea57fca958635f9299c3be313bcef453

SHA512
0f92e8553fade728bb9dc8cb31e9d9a49017c92d699ed8335404ea7f744b74cdeddb897c9666e1740e4614a951c36e730fad620b46d0f5096999b1986063e40c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d34f63e9072e41b726bec778e1efc181

SHA1
3eb333af2c2023f06c9df64dc760aefb2186aed8

SHA256
f4c7e4570ea4e099419db87e20721c77553d15edf33145f4316f4b64d51f6580

SHA512
799c08a4bdf27804d8ba5dd6b2de981f58f57496666d2cf87d79d911bd57b00414f2de075b8c96316b595e40d892437d4eb673b0b0e84c7ad20d30494fc72e6e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
78f947cc0f8d50ff728a0df34318ddac

SHA1
5ff552cf11be5cebf8849ea513570a668377ee98

SHA256
1c5e8882925014b4322b7770897a44666495b221091e08d7f9e15c6fc87542b1

SHA512
b85ad119f65715fb664ad81c53bbbd0a2116a74d4212e51deac69b9c05f7196f1bb4b3a84e5bc4470e3ec0b2c6b254d8e55e21e563821c19ab58cabdf17877f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabAD50.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarAE11.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit