f3653851560c812b832754e12190651af0dca8954c14e3e81c4685d88e49e28c

Analysis

max time kernel
147s
max time network
142s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
23/07/2024, 02:39

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

65d1dea7a14e4ff1a398d8af1491d3d2_JaffaCakes118.html
Size

91KB
MD5

65d1dea7a14e4ff1a398d8af1491d3d2
SHA1

820aff43f850e875945ca7d277469d87c065d0cc
SHA256

f3653851560c812b832754e12190651af0dca8954c14e3e81c4685d88e49e28c
SHA512

e7875f6f0a824a89e59570458979af2d53eecac6877ce13e49a3f677a56381748a97d8be898b621720f86037c2b94e52b87d891c3897f31a42168108e917a690
SSDEEP

1536:txJJwZtG5/jLit5pP/FGZa0ILLCiF0JJHiGZdqyB5NXCqlt+Vc7Uw0Q8Ogjj:txEZti/ja4ZPDiFbGZdqyLNyoYcVlu

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000043174f1aa2314a47aa677ebd5ad1f6c70000000002000000000010660000000100002000000029e9e3a4d3c39c6742ca45a491d8667d191ba240ad7b936bda92eecaf38fe449000000000e8000000002000020000000acfbba8dbcbe0e2fedd4f811dc51f347a095da1a0744de9e1f4267914f24754d90000000ab1dd37d7782de26d5dc1721d412cdd42e457284aee670cc1e79138ce173bbccff49eaa7e05689c31fe10e8017cd3366f8a26522721a847dc1fe30ec52c749f5b2ef97554a334a9ce331655c6c8106270a91b22a10d3d9c06f6bf071e149bc5a67966afea10a3a6406e7d0a5b008381ea43c62197e4f29fe68d1f503637ab169ff613c1f4e9bea5d106877db05d271944000000031301e439c2f6ba675d84c431a493e296fddce84d4eb148ebe3a194c54efa9f00d7d8594bc056c6124e00ebb23a0caeb4019aa3301049e67945270af4ea598f9	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000043174f1aa2314a47aa677ebd5ad1f6c700000000020000000000106600000001000020000000e84c64c8491ba09371feb87180cd9aac1ea0d7e65ee73e2a3b6a59ef2e087073000000000e8000000002000020000000c53986db4159189b5442c746f70e13ccc9431de432c3fe0bd08afe439399b07a200000006b2a26bbdbc62239ac09bab2306e9042d2664cb42fccdbb59a653994636c4a13400000004520f9c029b16843c62986e1af2c599fd068356ad35c710cdc77f241843357905bf3efdfd4a824b9c2742fabee9b350ddb59adde40934d2c1086679f284b9378	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{32080251-48A8-11EF-AE10-CEBD2182E735} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "427869152"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0e3fe06b5dcda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2200	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2200	iexplore.exe
2200	iexplore.exe
2920	IEXPLORE.EXE
2920	IEXPLORE.EXE
2920	IEXPLORE.EXE
2920	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2200 wrote to memory of 2920	2200	iexplore.exe	28
PID 2200 wrote to memory of 2920	2200	iexplore.exe	28
PID 2200 wrote to memory of 2920	2200	iexplore.exe	28
PID 2200 wrote to memory of 2920	2200	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\65d1dea7a14e4ff1a398d8af1491d3d2_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2200
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2200 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2920

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c6cce17f80af74926b4a604c25601a36

SHA1
cecd95ce232f52ec2434b39e2609761d138bdd9e

SHA256
3da6c7b8a60c6eb3311019c9d956c4ddb147d09e838d90d9697d7c033e7c8f04

SHA512
3edfe26890c0b929d976b2b77d6e5603a1e9ada5f6aa7c701316d573a613b899c42aed82fed8ce9fdd558a8f2ff0efdc97de9ce9a00fdf591d03c8f63857ebe9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
84ae73f32c2e64709b50fe1dc5cc2c72

SHA1
c53c5cfdd1c1a52040ff9293d1f3d4939263488b

SHA256
ea79c5d1ca2fa9fe6a6593ed3606b0406e5cddc5051431a08e0300b6b7c14fa3

SHA512
665cbb40eb7ab423f7f27ede3567df1e5ce6e1d1687fc4f5e8d548be5e08be1f6efb42cb952e0f2c107d88389824c6d2e8144c215efbd7945cc7c1eb15846ce5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ba3e6e84fb8057d32af3c5979536c2b9

SHA1
4cf2d77971596c2257d279626c603a41c8b9689b

SHA256
74406b388c31da0f9e7ccfb1cdb3fbb50c35a66b94b1499b0d4a463fc82e6d80

SHA512
d9762fc1143bbfd02ac6c776ed78732caa4d3d863ff0ce663b6afb3aeea96f5a5ba197f76df699b3b1ed8b68ce77bdb46ddb30c44f491b487cc47e1710fb94da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
72e4f0b2ff546d8b465106b8a4807386

SHA1
327093e4499bb6603e1d661dd4790422d47b0e05

SHA256
2e8dda0a1eb10612c146fba8020e6959fa971ce47b9496d576c797eaa6f7fbd8

SHA512
7b5fa8780ae3d46c2addc71651e8631efa087dcf05590ea7de9118055bf58c12e137c9c6dfb01611cfb854a80371116b192e0fc6197685b30f162d466b792eff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
01c04f914c425d2d7b9b6589f4444162

SHA1
ead54ddb2641916f4636999ec6c9d7e74767bc1c

SHA256
74fb082970dff9f72d88ba74ad71429dece78cd76857197011afbe00977c9d89

SHA512
b4fa6370edd29e4e538d887a033191ba3994181a71e6b995474f6876155c2dbdfeb2ff6ef1b2a94f1e4b5d543d40e81c0f006fde613c0801481f56b8c458ecbe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
72b6a2a831204f172b9ab117ed241594

SHA1
4b6b1b5cb1bcf945a05c0a71ea7b21874fa01e77

SHA256
7763862bee93183d7c04e89c109007d93dfd8492b8b59ea57faca418c36dcc2b

SHA512
ccb2dd06252e26ce1fa887ceecf9cec010745d953b01264214916826400216ce5d1476457e11890cfe268b488894cc8bf80a2765321ce67a9fa67a5435b37125

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5ba21a543e268a84f88a2ee2a3a85a6e

SHA1
806819c33daa9bec8cdc70b73b0af38704cb1159

SHA256
7f07b216dc88f7f0602ae519e367a097753c56ab933e32f22e0293180b31d4f7

SHA512
3191a33d88dd43609a383b8a853330b8bbc9503f5eaa836d1251dfddccebdf4696fb71a30baef2d0ed253baec13055f41b64f5d3d323ed105520a16a47861711

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5bc30052d26653024363465e131e8790

SHA1
371e3a7bd05d5e5cd7c7b316e575f2398c2c2710

SHA256
48558c5fd3a532b44cd23f115d25accbc08366c53c705e9cb0d3026ca4aac851

SHA512
89a7ca4905ad1f6b38f28a41d91325e062c3f2fc1944cb16391f4bb74401eea4ca45a1dcc89f33c8285adfa30ec667baae65758e91fc51280131c24467aab083

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
aecfd0c9001272c520c4f1112f86cfc3

SHA1
4e081ab22ce5e45925d97c084e29a589b8539b20

SHA256
e7b91384683847d0fb7ddbcee9103c1934130576a031fc4af9cf41b8fb096492

SHA512
a99b1ad92d06414c5e4a26e920be1bb9a56726a197220ef0ce19abe36213d9dc1b36833e3fca48071fb5b9ec41dc6311910bdeef9b8be76cd5ed4d95483de8a7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e949cdc058585ca1f9abce646df418c7

SHA1
f53b18902a5b1b58871012a66020b99ba278c92f

SHA256
ff60e15211db35c18839dd37ba4dad32e297e00a30c0e0c336819a69c8c8a432

SHA512
f808c6c8237dead93b4c40a1db342f8a1bf3f6ae700c84f64d9dcc484f4ae1381015b8ac1834dcdeb6f81a4645f617b6be8bf7b7f5b64cd7e13232b45e883f52

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d3bae79c0f428d240a35afbd43e304ca

SHA1
f6ad683eece5ae5d5fb6e7bccf08eac07a5c6103

SHA256
a65380eadb100b196e95ae9d319b12c8ab9cb1f1655d20513186278b22e579a7

SHA512
514d95c3648732a46e9e118a4bcaa01da8650c77dad1255009a4f26f26f70bff770f6187b8360e9533d7a228a152a6d2e8b447e7ae21ee4ed42aea208fab5b1a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
357570021bf4ecf442274ec5d6a9e623

SHA1
73daba6d96aeee52955c504a18787ce9272fedb0

SHA256
65803996d4d811c70b3fbc37f0360eedab27bcf0f001e1920bf1a88273754eaa

SHA512
276f1fca666d9a000c21bff5e13633a4968f3058160b45775ae5ecba64c03eda4119fc99a0a6fee986a595ec9e2b626d72f346061ab960dab85852743868d673

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c2d9ff2446034836efe530c802f73555

SHA1
a063f88d6e93919d775860622b2474a14fde7b64

SHA256
a141ee1c9c4d23171dae6574589232f33cd875e2408124cc9f87fb9c8c32420a

SHA512
747f524cafab9edd3be6436a57504fdaf5e4334c53dd71d3c7c7ac65fc64f0e1bd14ef1353e6e0f2fcfdd84c26ba0bd4a5f2b69966616bb836722fc98ff9e280

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4f1bcfad505c2a7036a9634bcf2f5558

SHA1
f9a1ff38239db928b4cbc58998f052828eafe242

SHA256
d48a45dbf0dda2bd6b7c6cc14e16b93da7c1c47d3f908b0454ff60d5232a4905

SHA512
b5f8b428e07681d40e0bb49f101b25f5459b244a62808630f78b0fe69b25af947cae3236e3c60f3a1faf21654d5cbdb5e1ab99c90870646d27e1461653611153

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ced793bd1805ff1d4262e7aa52cab2be

SHA1
97f1260800bc18e2c6cecb91e7e64f5ae1bb6c64

SHA256
99a238d518ac309009b8c7e8a41a45b5f55062180007767358fc867b4598d4e1

SHA512
9147ea915a267bad9c599f6cf0db7b14e2c1ead142102185db6509b52a08f2ed18c8d040a726276e35d3f5d50ba60c0e53a87afca2592f5e4b8404d4201cd9a8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b450d389fe79fb848f36d1f9823f6730

SHA1
7756f5b43f116aa0fda093a834ed10651fdf23c6

SHA256
eaf39841061eafa135fe9ee6d4541f19ad5e16953268ca47b26f7b5c1e4c338c

SHA512
1a1fa380f5f00513468509309b6716527360a05a990d79ec7ba33a53ddaccca65ff76072b2aded34c91250a359c13c183dbc8d271282c7af4c4fe6929d42316f

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabE9C5.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarEA26.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit