37ef65bb0c038f7cc82516bee09a304ee2eb491ac5e6129a122905f83f9fd2f2

Analysis

max time kernel
67s
max time network
129s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
22/07/2024, 09:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

62c4cd89dc8c3e55f849cc204812870c_JaffaCakes118.html
Size

1KB
MD5

62c4cd89dc8c3e55f849cc204812870c
SHA1

f59d08ff6c615c22c1a4ac3e2504309c66e5105c
SHA256

37ef65bb0c038f7cc82516bee09a304ee2eb491ac5e6129a122905f83f9fd2f2
SHA512

f40d42fb5ac6e44be0424ce849a9b3d44657b6a3fe6a95540f22478955f3f46ff4319c9d012e868b08d5a14046b1c37a6088045fe4fc98c4bfdaac7caaf28465

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b08f2ce01ddcda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e337bacba951544a9a832c52e69bfb000000000002000000000010660000000100002000000099d76bbe08ce2dd0a8ca227bad48d59a2503a043c81b6537905609a54fcda41e000000000e800000000200002000000070e675a72de1677e89482784a882110b190a5f1ba01fdaf933bf1b60fd3009bb900000004f9a32c32ce7b0a0e27ed95eb931d10494288144aae30a5edf8959b896dedf359cfec6fb4b30b62c28f983047a581c1b339efe0baeb36cdf2b17e9b19b355537954a0fe0781dd5b620c0e14c9c5431dd52d62e173434018e0b55c61ec3d754f94ee51c207561448f6f829a78559f8c4cfd1bbd1210945290c982a9db3186f80ae879c48ade8a98959daaf318356d2ed240000000f426b24b76c72267105f9a1f7d40c8b9037024440dc4ebe52f1a7589c1681cf344ef42aabaf8441db1da86e500ea12279e46d7de5463e8c137b85d7f6b39e930	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "427804198"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{FE3AB681-4810-11EF-A817-DAEE53C76889} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e337bacba951544a9a832c52e69bfb000000000002000000000010660000000100002000000031bcf15d2e5f348bca0230407bb4c58b98984e65f7770d0c4314841f5dcf7571000000000e800000000200002000000034f00e552dc6776fd2d47344692f442049adfcfd248f14c5d7ba30bdcc52fb18200000001e5b1aef1ac9650f2cd95879dc2f6ecc4150feb8810798572485f10dc2812cc64000000061482063cf4f3aebf28b02c7f555f1fbadaf2192b37b8b3b465ff4a176422037e40aae3941b0725d3639e54917ee9771b8bae5ad480124bb5b1e94c04515974f	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1736	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1736	iexplore.exe
1736	iexplore.exe
1352	IEXPLORE.EXE
1352	IEXPLORE.EXE
1352	IEXPLORE.EXE
1352	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1736 wrote to memory of 1352	1736	iexplore.exe	29
PID 1736 wrote to memory of 1352	1736	iexplore.exe	29
PID 1736 wrote to memory of 1352	1736	iexplore.exe	29
PID 1736 wrote to memory of 1352	1736	iexplore.exe	29

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\62c4cd89dc8c3e55f849cc204812870c_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1736
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1736 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1352

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
28b85ce4b22eb1b79a3e828ea997a86d

SHA1
526a41ac7556a088fe2a7515704e40d921dbc3cf

SHA256
4e7ec4743cd12511ec24d56830a5a67c1222857aaa19ae7ede159551d90653e0

SHA512
1dbaa12f5c8192b471b7838448383f48d8ecd91d6c0944048dbf50140d9cdeb85db03d84f645bb3c6506efb108601d5c6149e7ed5db55710994b2a1200bd8af5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4b9eebf0dc8bf8d2030045be8498a01a

SHA1
c54f6ccd88f4dde601f0422a3633ee0f53dccb2c

SHA256
6ebd4d4cd47ba4695c5613f1cd34d89118aba6a69491fb126cc0b1e0bcee830b

SHA512
216447bc52b93779bd80aeb3a22a63b2d2975e23fa2d352c7be2e2faa2abe48cea0089cda3245292745c05cf45a65ddfd26692f333435d12337f268173fb7410

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
db7a59ed6ac1c174c08da9406afba26c

SHA1
43cc7096916364f54edef55dc16b8c6d964a2ed1

SHA256
ca6e99962daa3ed3eeda20b58d3dc84c9248a7b0dfe8fb48f2d90395e21833f7

SHA512
aca7d9dfd3fe243716fd10275e486962355caf2e0fb5fffc3a4b2deaa9bbc2868e59e39adba1bf4f866ae6579fb48965d6c52490d2577560aede03ca6dc6b1df

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ad40ffb5bf664b2580370b68201a1188

SHA1
5c0275c12d3665a6c5cccece720df114e27b8b9e

SHA256
6188d8dd8f9c6ef5fa5f044081b37596f7e6b1459be4756af643a406c33d1762

SHA512
b4b39c9bfa373c09011e9cf9e6aa74caa2c626a42a898d8c0f95affe525bea6ca1880af66499a7ffbfe4eb5b087872a436dd2d1380c9fb47dbe8b88f664ebde9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
90d8295a0f50063a8c6cd5323e2c0198

SHA1
2a5516ec3604c6a55d6d7df92c89d8119b6362d9

SHA256
1f20a72273f7cac6d00e2c9b06a5fbf8c83678d144c2b4429b7a4864861fe7d3

SHA512
f2835aca3aea40f691d8a19144843275ee5c3a5bd00e4d112ae3f21d5e34c1bc10d0573a38e87c419866d80f9a4932b0019f6b30e60ccc30ddcbac9313a7a328

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d6cb0f3826860d49b7652c3fe38fa876

SHA1
29ea0e7fb2d42a208667819c9d1676ab43ae4cc7

SHA256
ed5851b01a5ce6d11e64075e25c889616ba68b829dc06434cbb5d87adc46a74b

SHA512
e4baf324f1a1e3178000b92c877cc70a396387198125087d2eefa1d10c0a420f3e1ee583963ac382eb75ce9e2e8355793d47e2d41eacd295e9cfb8624ad035a5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
78adbbf6744f0743a2910f65f4d8ae90

SHA1
b60d0c275b850c7a2b05f29b07f7c03fc60d45eb

SHA256
30b33570cd4d1ef57404ae3f8c82b39a5e5ea7f10769d005345c9d866fd47b88

SHA512
4147b7f4d4eefb2f1032b32f632e9626dc593cc00c121b57710c361d8f775b0099326ea6128c427e489a3f418f7a180d3ee069f826707aff1b2dfc0310d11e83

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ff6bd8cd1aa2f0c5679aaeeb8aa58bc2

SHA1
d2d6d0003665e4089bd85a2ddc9fc0c7a92f2b3f

SHA256
89ae08e6b04470be69a402ee9864711eb44403168b822696230bfa6b8d8d56dc

SHA512
51ae9a460e2b2d09c0a189e20b52039169e2ecfea99ee4f4aaff8623d097653b12716b9382e28b1da666c1a14724675eed79bf7b8fcdecfaeb488c6f23cffe81

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e314f53f3b0d9f6c060351658c64f0c2

SHA1
926a14b731fef41f0d9897139aabd7b45846a573

SHA256
5c01d9fbaf3ea46773130735f33c238e0d46f56413f2fba71b99c0890f775728

SHA512
f6891e61893936df23513a4159cae90df2dc0ed5321d8234147295d19134813eafd6ca2ca7cabb47780049d12a7da5ca5ed9ad1f9b60d65e4b7aa312666a1238

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1111c351da9a72cc243bba4083dcd183

SHA1
2e77816873eb618c262d1803f06aa85e416fcab5

SHA256
7c8d8d9db0fbd71c7ea2cb842cd32191b242d598ebfbb0ad284072984aa4c388

SHA512
10e6af342f3042a32beb3f7f4ba42c945c765ad4887ffbf3a1a14944a36cc35634868c7717a8fdc24b9f0c7b72428c7f644012d179264d8f9da5fe9ea802407d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9c5804c1b7b517497ddee1a7996d5096

SHA1
59f71f5467b8611b1df464bc60ccba083ed36f7d

SHA256
8a04a3c16e073d3f88e95303762a8db41725f769890ab7e63a1c307524136781

SHA512
ac3ba9872e29d1f3467f7a682c0d33b03fa91926b8a201a5b0a6a318181536e4172700f4f1186962b4052006777345bd14ff16ba06ca9dde331412d9d61d2046

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f01bc77020ac17bcb8514e629785b5f9

SHA1
f120d5c422d6288e80c678359de5418b3e490bcf

SHA256
73b936a10da3b9eb141fcc3c3256cd68d245081d10b9b831cabf59589ee7cf13

SHA512
7c1c5c6ffa3fa18e1966acfcebe0013cfac5d987ff412bb48c5b562a34d25abb0e618a3c261df06efcb68db66f5b4d40694b4b0b64180f0a16f29da7c5c72eba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
da381fee4c69fae82a24586d426bea7e

SHA1
b931259641356cf9f34db3633e9f1c3166c65fc8

SHA256
669c2238caf75e75b8102451d59f7262aeec7a82302ca384cf0bc85442fc00f7

SHA512
a8511ea18f0998835ab53e96a3940b88eaaab9492b66d197af91dfa6b20725f7238940f123b0713c212bfa5e56eb8a3f9f8c9337db834848457c1291127fe53b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f2059f245cf5177149487604d04b5c83

SHA1
045ad91edb28017856e994769c011559e9ae79ac

SHA256
2ef674c16acdbf02cb8896d0c51435f97d19b5a27b3a0289b90088c9db2e7c96

SHA512
3dd94c9d48dea3531bfd921f2ba3f398d1937fbe86804a6651e3c9f2202b8fb2ec288b3583ccaf0da3adf84a7f084833caa74199d703e6f7e4f9f88a31ba91b7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
27bc5e87e08d6b671c6f1eb4de431cd6

SHA1
d9b2d504db63c21529bf090e222e1bfd139aba1c

SHA256
b53f54555b95e845e805e3e0509f6067b13a7add7836f9af5ec61ccaba1295f7

SHA512
f76d3f0bc932dfc38a5ca4d976ab012c44051df9607ca4db93404e302cc1e2ad75fa7d72a7714eb2d222d260b5bffcd81f363c7c36c751ee7ad89801c36f1e54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2615e9f178c5e3700a8bbf419205cabd

SHA1
096531975950e144fe7062101b59708c878e32ca

SHA256
ee36e379a3fd2485fb55fff4ce3cb31aa1e9d1091e909437e17f62566de7ff75

SHA512
e36e7f1a52d1a282447c89d7521b5f99a42e23d494b5aadd372836efa52a6f04fcc2460cf57957f26a9d58123d89aa76b22d23f340ce98a49b0ef22997cdf92f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab32.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarD2.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit