60dfc1ecb27c97e2aba5df354802c3b2b03f57ac33f6490fce5cea20d42e531b

Analysis

max time kernel
144s
max time network
152s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
23-07-2024 06:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

668eda83edbe3d93997e22b131ee0da6_JaffaCakes118.html
Size

122KB
MD5

668eda83edbe3d93997e22b131ee0da6
SHA1

b2800475d09bdf473faa5ea55a513bcb09bdbc47
SHA256

60dfc1ecb27c97e2aba5df354802c3b2b03f57ac33f6490fce5cea20d42e531b
SHA512

d95bd8e7c45daadeff6008f6c9621a4fd5ee9c9de649c8c164e5798b2f52585f8561b82b88e4084b23da7746f84c60741f43b12dbb0b34588a44c2d1a28d64c6
SSDEEP

1536:8zbqNAXxYxWo5eDgeiy/BnJzc0nZgqq+7JM6zy:ZOXex5zeiAxyCqOM6m

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{31327991-48C7-11EF-81BB-526249468C57} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "427882453"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80e29222d4dcda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bb7c5835718279428690b074aa627b7000000000020000000000106600000001000020000000f30e0440787a94869c7522027225a29d5624db893a6174cfba31c5589eb65546000000000e800000000200002000000051fcedd0678e99d1b5e4084b47590917460febe80d44473544de0f660f96603c900000003df3f8b5d039ed4745593e0edc1c886c82b3ecb98df9953c4bb8473bcc9e9743e1aa6a71c54254c772a32dc2491e0f07a07519f2a6d9ca52c29e8d48d2ec97a5e94965a23a67c1cb2b800dbc288ce841a8b15a45c3860c6880f3b23b911f46d5042fc960d950d6737afcc9c125f29a984b24a03dc2a09d3bb939228fe59dca23f4670eca535c0cb1bd31141d62e684f440000000acc8f58b972f502c893d136bde5a4e567e4b5c0ad853bd801dd44ee98ca86c2c95112f40bbd710c423eb965b7557d5aa31c2536a639837aa642ae185f1a63327	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bb7c5835718279428690b074aa627b7000000000020000000000106600000001000020000000121177426c73256fb8c8ef7181844d8f9c578885f4330a3df920444a98e4ae29000000000e80000000020000200000005951a77c005b7daf8c208143227037071910669104faf9d4c30f1d66f352890a20000000f35b775f5caaebaca192fc2a5447b9a565e3f6262607b54133fabb8b8a170ca8400000006ec76df3d65c082ab097d3f934a98acee5f032aeeeafd3be41bb36cacd9b1c0b77036dd8d7945bb63b1314a0ed0c81425d423ad49cc2e6879603eaedf2f00f04	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2488	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2488	iexplore.exe
2488	iexplore.exe
2380	IEXPLORE.EXE
2380	IEXPLORE.EXE
2380	IEXPLORE.EXE
2380	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2488 wrote to memory of 2380	2488	iexplore.exe	29
PID 2488 wrote to memory of 2380	2488	iexplore.exe	29
PID 2488 wrote to memory of 2380	2488	iexplore.exe	29
PID 2488 wrote to memory of 2380	2488	iexplore.exe	29

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\668eda83edbe3d93997e22b131ee0da6_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2488
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2488 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2380

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1b6404945e8426e5052a738b2d12a92b

SHA1
ebc123b66ec8e5c527c40fc92bcd3bcc287f3649

SHA256
952531d59cfa11054046135bac48f790a347873a76b3e07e3fc93a332d85a404

SHA512
a1ea2df8729719165c9f9f7f880ccac6fcb9f1c0cbcdacf45c82c45533c2a3aafdc0f3b33d2de97727d36f80e7ce6e62c5f85165a6d290a021d9c021abe3b60e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7e71490bca3cbbecc808cb51fbd328c7

SHA1
121b7db49a8a2291e7c5e1eed3c5ec5204c1703f

SHA256
c97d4706fa858ea224cbbfa2927f0f541e63e8923c7c21afa8ffcd1dd822c1ff

SHA512
e7cd2de4a3c170f994494cdc88a0d76f8049ddc33d08480c60282bce51aba66f1191684374faf6684a3eea9314b704b6a5fe296e8abb8b73fb5d2d93485ccfb0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2d570e061d93a0860891ce41be1f5b6d

SHA1
3e24408ce6077b2ac3237fc09e93405f8ae95bb2

SHA256
e9fc7af519834730e0180c016f8d2b21082b8e035abd7728bf5979e37b7fe586

SHA512
1dd4a755da56cc4d1a49af2625568f47fe1397c6688a4b53563dd18fddef4c86d8b2db918944b2403e7c210bd43afa9e283d78cdfd0d5d345cef725cb85b388d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e02359968f4121d53610fadcf71ca13b

SHA1
13a2be30ce99f8c8aea9277b49f497d61a5b3115

SHA256
e35862b4c1f14ebb0db4eadce28b65becea2282740ba5e1f8e57ab05fb2b8b5b

SHA512
7939155ae69a981552a7791ba3a3285d3a88860e1c9a098f0ad8d9ede32920c51d62a3b9d9f5a411464ffb2e11ed47af051b8029bed49b5dd4b2c216646604d4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
411524d6d922e5c8f5caf01d0086e82c

SHA1
7bdecbf1285c21b2f2cb3b9f25667d562287ebc9

SHA256
dbe3d6d78055f3ea13b3ae941d10c1c64a06546dd56382922041e5fc3948e244

SHA512
f21f03019d3d8c768b98d9a65cbbe364f394c28037ae3132a63fe9c9ecf5ad19dc3a5552d8cfd654143c371b3223cb0e28ccf122540cc6066f58a90fd67575a2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ff6273d0c830c1523141db43dd1494b5

SHA1
dc8850661d8c90e457cef616c1168b63cb1a0577

SHA256
9277198237febc914496a2c44f8bb3000dd567f071a8abc2a719036f51bd0f79

SHA512
5ab48a987fd549a38c1e47b7818acaf03076af0f1976f31008fd6540db423a307bcfa252e4eb6a05bbe4bd6bfd8824a4c71319503fdccb9b4eb4a6fc9ab06d3e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1e6cf3a7fb32d2008fd1b0874f814a8d

SHA1
2c61406b2a882cffe1ba65e3f64f0f1ae3900cb6

SHA256
0f24e1e8c4a956bb261a7dda462c85273c52ebae7f829130d82185c92b5c7e14

SHA512
28c624459e290337aee6b6f295f9cc39e3a395c262f0b54fb051d5fe008a00d9c7d1d45cc7d78c7b14dc0533b6565378bc46787c6268a0fef39b71657cf06a48

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ec1f850f73cb522bb8d2efe3053cac17

SHA1
89dc8fa529717f8e2f74e53cdd6de6bbf803cd7e

SHA256
b40b3326fae347d1c59b84657926592760049e48f70404eccc4255c99fdd9d61

SHA512
aaeba655b3b404b5a9b792dcaa291a16536b65bfc189ee4b8bb44b5bd5b29882bfc50d15b178eeb9ee5ca8f2cf9d05aeeab6ab1b6f5abdde4b99dad22fff6f6e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d48a1b82d5506e5d2c625e9c4ebf2688

SHA1
ef4dbaa84c859c015d64b827b8ea3986d513ddff

SHA256
67f722ef2bd9e1eff4937ed74715e06edf8681daf8bf65d6b1be9c7bc1331854

SHA512
ba297d8ce2f1833e13742ff3af0dbaabe68edbeb1f53a3e0205543100348c04c143a98b786666d073f86671ecd87123a230552f40aa0762014262df689a19d6a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
661b308c62245107029348c71972f026

SHA1
403aaba1420bf8e586bd39591241082ee1ad94ce

SHA256
8202f7ebb0ff50fd65a1b871ddcba64e04c86278c20aeef7b4e6865e5794f080

SHA512
559fa4de3d5f6efe409b00e2d2f066366486936c2b1055037abefed78a57f3ea6f1d0ce39f559f178a4c94927cd842a556670899277a2d938ce579f4544c6559

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
670ccb8eb191c8fb1941803b3e628857

SHA1
91cf14fa75cc46a5923b0154a655932ea70cf758

SHA256
0cea5f421d73a2431efc236cf672debd965134bd62b0d0c3deec3fbac19cef39

SHA512
cae23202eaf604457f175282cdd0d22757e6ec1cd95473a84959bf407f8956f6c9d23c02de59c350c7c91c41b0595bcd92cce83b181954e524a60ead95dd923d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4b9c9896799464223eea6d608f0b0345

SHA1
6cab9818bfc4fd43ea57553ebdb9a1811b0ee7de

SHA256
3018fc457c1f2438a254ab680151c3630583409734335ee53898da2e4d4d2a82

SHA512
688f48df2dc2c43eff53de5901646f1fe3175dbd576860921ab67a15e69419abfe94afb06f3755add894b9e45c3d9bd083e2b9195246b847fddac4418ea7a042

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a0007c9a3e1b923affabda2d0b2f9640

SHA1
8e793cbf28a5240abd913918895e5315e09dbfa8

SHA256
75abd6959f598a2b830781932cd1ff6cd9b673c7106b6d97b2d3b81659722e1b

SHA512
691decab5f2ac2b88be213d907d5853ed9829bfac5bbff1ac75351231b02a56d6f074b3500aaaba582f97e86728900393acba40e66fc96eded3baf90745853f9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e3bc056f15c894f00dfb02ebe946f27a

SHA1
d9636afa0d5cb76c501760cd88a93c5416882a4d

SHA256
66596d2a6f7539b7efd8e39883e1407a82b47acdab40f52091afd9ca80dc1149

SHA512
4eab6334116b63042f8e673e682c8dc7278f368eb4cf73f7cfb77238090a4861723c983596cdf02091e3b4defe4112160b08885d3d115195f8867661c2d24451

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a5a0b0fa2577879b546b388473c67680

SHA1
3750e434afc9009696eb7e5d60bdbe763c9eaef4

SHA256
d57e5124b61ecb0915bfb531f48429e18e151ef7fe990706a144a1c53b0ff9b1

SHA512
7b0e5ec6fb11382531534b0fe5e1811cd9963ff2f5a4fbbf33dd967b8b22de05615ad93e4916a1b91af770945f541e223426ae7d65c49879049d3e0c2957d696

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a5bd4692ba89591d41778ce9cea07bb8

SHA1
5cfcda4cbe42d323b9388868b02b306d84defac6

SHA256
810ee40b9f261e63273ea390969030497b68efdfb05337d6d7d69b3af77d903c

SHA512
e6c50417223290694374e98c286135eab091fb36e8ed3ae86f7598b5ac42fc229416a0fe790ce5c0de1e9f933ad3c5edaeb244aca21c0e710c43b84133026670

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4622121f572be4425c025af2ab71df72

SHA1
001106707082dd49eef2ee6169e652b28ab929f8

SHA256
9a2b8e1be53a9ae411edefd8ac4fc9c35852731b35ea1b3ddb99e4dcb30c9495

SHA512
6325ab4cede1189d07390c4a67665a2791eb9c19a292796000d0c507910a2d5620409223cd9a1893c058c6131c719c58ac86ef8c5a2706041c1fd0cbddb068ce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c093e13c04c0365630861e40253094e0

SHA1
19c82ffbfb2480bdd913c6e842be408a8e45a1b1

SHA256
09f3b2beba904452ea3b9830119396dfbb8fef5e34c4816024b154caf052545a

SHA512
2bfba40cba0cf3101f5e181cbf3db4013ae2d527b5b08e8a664d5209176c3ba948c664b89197a3e3e9067871f988925ad9ffbd1a78279e87c89aed715c5b3cac

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabD136.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarD138.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit