81b54cc7a5b7714ee6c25e4bcaa7014601cc9fe4005b298f35993cce95e93298

Analysis

max time kernel
70s
max time network
138s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
22/07/2024, 19:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6482ab38096d2690cc931af34e45c9ea_JaffaCakes118.html
Size

10KB
MD5

6482ab38096d2690cc931af34e45c9ea
SHA1

893686444891b97c9291df132c5380baaeb11f77
SHA256

81b54cc7a5b7714ee6c25e4bcaa7014601cc9fe4005b298f35993cce95e93298
SHA512

40dc51b87d9d4f89dc8ffd4df79a0742a5d865bcdb2d197b5cbd39717b39f61a082efe4ffb5998c573b2fc9493ff82ab33eb5bbbac35796ab51de4de71bb32e8
SSDEEP

192:ln8uqnGDSSW0nqLR5IZfS41k9vvxZbHvVkua7wcBtjnuCYZIS01+SiMrmiX4llOi:ln8uqnGDnW0qLR5IZfS41k9vvx1HdkuF

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{AE254131-4863-11EF-B137-6E739D7B0BBB} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "427839712"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bb7c5835718279428690b074aa627b7000000000020000000000106600000001000020000000b2fdb029e70f9cd2d682652f402706285f07efce00512ae9583bec312165eec7000000000e80000000020000200000004f134b9209d7cfdd911085a1ae72c99bace6bb89e5a34e0cf847203626d8c80720000000f7f0b64adb9639eb91a53f9e674d03d5ead46910cb0729b2db38eda862776e7740000000046765d4abfe6c5e9432d5d57d311914fec65d85adbcf7777622a5bf08beb6d7882e2c255cddac11d116ec8d0697303f5057fe1c4e05fcea65381db0558f44d4	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bb7c5835718279428690b074aa627b7000000000020000000000106600000001000020000000640ba0cfa8806060038f0fc2bf578eb6494139e6ac9e12eff5555ddaab5b41bf000000000e8000000002000020000000a501b485cac04e9b51052ac1eab1003defb1cd2ea587192b63074021d62f890b900000003f7e4a98d473799140d5d5a4a8f7f0384681299e1f0884dee4709145ae8e5970597eafaf1fcf61da051cfe2994128cd77120d4236faa88eb016dc5cfe7edc8e111af89abca75c405dd9a0faef22207b8d31d2669ecb31412a1cd5ca941f96208df9eec57622150d5962ba57432d143939da9b46181c4054c0b1b60db673e1a741d9faef7b54164c08de984bf869acc72400000009112628dca90bffc5f9eb52aed96242295896199297728bf4c010132a2fa789a7e96ece8ee15b0cf483a61e45038da35de3aecde29c58641e7dd0f91476a4adb	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 404ef08470dcda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2476	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2476	iexplore.exe
2476	iexplore.exe
2116	IEXPLORE.EXE
2116	IEXPLORE.EXE
2116	IEXPLORE.EXE
2116	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2476 wrote to memory of 2116	2476	iexplore.exe	28
PID 2476 wrote to memory of 2116	2476	iexplore.exe	28
PID 2476 wrote to memory of 2116	2476	iexplore.exe	28
PID 2476 wrote to memory of 2116	2476	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6482ab38096d2690cc931af34e45c9ea_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2476
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2476 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2116

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2292440502b1b1f3a3e4f2e4f52338fa

SHA1
a25c50b2d9c2738a1ebbfe4483d186a9b07c2ec7

SHA256
adccbd341602ef577f1aa3655e5c07d57d71be6ea0baa860379deb1fd936e878

SHA512
eec5d1398633e805658ce944979ae66c2a75f5878a8aceebb0d6b5730f59897b47522a12e5a811d9d4dc105606e6742acd8e1d5d9d1959ddede3248d02696935

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0cd7e1a8cf0b757dc546b2e1d41564b8

SHA1
5e940cb3c1d810d3417504a3abf57e29c2d3d4ae

SHA256
a468a998d950183795d13bcd69b4d88059f81bee97a632788d4ed92f6598ba77

SHA512
18460af073799fc851afaca9f47566b66d7c7f2314887fb2df45ec0ce842eb65bcf3f4132b8221d9492ddb7e122f7f6918befcd49772a3a99943ed3e710efd74

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
64740b6600e852561cb384efc8dd66c2

SHA1
0c2fb3cb47eb3467bcd8daffb51e3f73b12fb4b1

SHA256
6afa4a285764015d21791d9406d45d7a9abaa159652ff16e81ec9df019014f6c

SHA512
655a79a3279703bd59747d084157a59c7c00dc8e19a25b3a4a4913b79fc6aa04413586e236f6893ccc6bf103e8d9ed92652e1225a7900c83b5c2000cb3e60d88

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
099aadb40f78e56b9e79327a0964f74d

SHA1
31cd41077c0908ca8fa023fb9f42f05e5c9ee7ed

SHA256
16cbaee17ad838ff576e954a6b98654e166560af02739450aac85aada327c3a8

SHA512
c21ec734282543c54baca078a5f5ffa4ef6d6d70003afcf73876dfa114b9c1bd4a924d7cc451ef95418411313956a65f98da9073c6436e57f334ed3e4921eb32

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9b0d0faa25cd370ad2e5a57619b887c3

SHA1
db04b2e00dc327cfe4664fabbde216559f5a7288

SHA256
fa49ee7c5a8e766c1c1ecab1e1ce693840bb851e944533601670909dd45449d8

SHA512
47cbeb1d557a972d50a19838750d71001fb8ba07301d9659981ef083f7398a45ffcba67ce4d3c78069d6b38d6fb1ed482f11e66578e468a00a796fbf3d762b8c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6322fd84d7e52d770b4c54b9758d5b30

SHA1
15ab03349513b7d09bb1e38d4bd693b9744f4c22

SHA256
7d8bc9b827db77c80f7491e047a2bce268ea3d7b57e2c44d78dcf74af0e45ffd

SHA512
30823a12b1f1ddf4195458f23e1524c6dfc77c9f526e666599f5f7921e647416c54f95be9164bfdd326b1b79eb232b79d395dc0d66b4c1739f7d6a7910abe5d1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
61449db259bc0385444754de3463ba16

SHA1
b385d7df7143daf9ecce0e6caedd4b7d0c48dad5

SHA256
9eeea8051e194c624c807adb0b379b0409144b6517034d1fb4e8330689c92d9d

SHA512
ce9b610f6152288d6ea817b307b4b106c6f870fbca204ab394b51c00f51ff7087b7d9521985f309346c6595d9ccf9aa844688707db528d217f9ec9415b8e0db4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
91eb4a1bfe445cb3367d0214f2e8de11

SHA1
ed34ef0ad4cb199b7b719c070e8c63d461b27642

SHA256
c63efd157e2c8b6ad0a9473c1f8eb264583cc7681ef61b9ee5396b1a62651fb9

SHA512
89591d1994bedbd792e2699e6f0de7d243ea5207329f2da76d9daa6099e4522798ea4bb2387d0d3634a7282c68b93c50138c69ec4e26355137f346535dcdfde9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d8bdf1cf5c1ec634b605e4469158892a

SHA1
5c7590c7decfecd113b6ea75e2e73ccef674beaf

SHA256
45d17fb6dcf7833ac9b80c3bf3ef087a5565534c4bceef4b740739e9a2316f32

SHA512
773ae2534710e9509a75b754c24f90282ff5fab9d5b720690b5eeeb931f73cb5931de46543b21025a5a822b59efced805a562aac88bf32afafc2482d7d6408fc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8fd312db2738b8f8e936904ecffc75a1

SHA1
7c2c53df15ce9394aca4a155a7941b183d673ad5

SHA256
0347618c2a80da4622c68ff72874130fd55ecc4579f01187f9e2a776bd140a31

SHA512
834e8a5b137cc581eff1bdd62d505dfb2c82c988e285cb197a67f780302f3b1cad9c1686a4ec15696249d7102868a32772dbd7740a7c7ab7bdc585e967f1ab81

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6cbda37f48e718e8d8658e8ed2435d5b

SHA1
f7d56de1b4661159314f133cbc1639c2532f947d

SHA256
2f290b7d3b09c43b1744e58d48cf8b8d77af672436dcfee33c3b0868fc5aba7b

SHA512
15a667ebc862b4439536912d14aa57285eaa5a7fdd4930c76fb1321e9154df5129ee2207f1448414d7812ab144a232a7da5f94109018d84f078855a30b2d26da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d83e59ce75858c4372903118d124e3b2

SHA1
c968a837763d4d1ed3ec8a4222e774df82d9832d

SHA256
eea54207e0c4834d922e2cf3828a74db24c04948d9c107fc722fa94ab6dc9cdf

SHA512
88aaa79e4e52721f306eb24eb377d1670016983b7daf40d02a4bf84a64f3b27b2c3efdd795923df5cd0fbd06c0ac99f7f2715f486139aad295d95c0eccb1b85a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d65291820b780d8821dffbf5f620ccf1

SHA1
2f8a1018bf4b0b5ec8704d94634f5c39664160fc

SHA256
e69d82555d1938d68f0690c673eac2cd6d6a125e5397cbfcf0d54b8b94972378

SHA512
e07c6e1badd8377732621030352a42b99b3a9f8962b44780debb8761ec6fb31ba270f62b3cd2501b1a650ad98e6f3b6d3b4ca2f70fac6130ef78be9e0cd23b3c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d1a8a27085975b4034c2f8bca8c50f75

SHA1
7a4e407c5d3e35fea937bfe7ab47ccf60072dd52

SHA256
8ea7afc4f777bfa1ffaa62c402afc49a28741a23ed0a9f94403ae232ccb1be3d

SHA512
99d6cb5d7eab0da56e319dcd8628396437c6b9a65329583416f86be05f37293bc0676a3faeaf0f3dc1b6fc3328867650ef64caee1a26e729f9b8186c468b7e22

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
048bb75dcf0c9dce9c651d6731df5173

SHA1
3a1cfc5b6811ba3a6f53c7365b2f4308eca32e37

SHA256
e99fb986537e97568958c7f6937a1615e40e270d1d57f1744f33448b487cd932

SHA512
3844a112ffeeb9ee1ea08325fc70844feebd6d1a21d9ee6ab183cba67c95d2b7b45feda32da3c0b41ad00cacd7bfbdaff90c1ab19b1db9b7b98f7a45a7c06621

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
86e300726b1dc290feacc2a06f962cd8

SHA1
4b642cda184acc19c8ec96d9534c642b52e48d79

SHA256
0d19366ec32f1e66145c71dd830718f76fc367bb2913df1e8ad5f33724bc3bda

SHA512
159db62a41970257a1927652fba40785e959c8e92eb6f030aff64c091ed4a36e66a24e224603f1cbe53c6a2e45378b45cc682266fdbd208d1c46081219d139da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6889b5d8f003c16613ba253a1f544743

SHA1
05aa92fe45816642cc9693e61a0f1009a95e4ee6

SHA256
33bc96d85b09bd9fe6099985a294cd7e9ee735bfcd044d52c928d49a67cf7f24

SHA512
1aa4ba22af6dc780c3b68414989a1da1801b06406981c4decfa005339adfbd6692ef5b380f2503b7c72a0b41692754aef60be299b3e965f41e94577085e40e32

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab5B4C.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar74A5.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit