15dfb249b67a36f0014a67976373fac88efeffb64b5de086bb03f781ddac9a75

Analysis

max time kernel
133s
max time network
128s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
23/07/2024, 10:43

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

674211a6f80f01d502844df66d20eff2_JaffaCakes118.html
Size

10KB
MD5

674211a6f80f01d502844df66d20eff2
SHA1

dadd5581435316d0990572b137ccf070de2a4c3f
SHA256

15dfb249b67a36f0014a67976373fac88efeffb64b5de086bb03f781ddac9a75
SHA512

0911c1b83809eff7ebbf0e1c9a3028d772c2e982e8fa1705416335dcd05b94288590f455a242980c58493639cef693ff447aa17bb265c33ce5ab22bbdfa808e4
SSDEEP

192:1ggSbbrMX8n7y/u3D9K3Jedff1pzRsn741eBPp:W88nWm3YUnLU48BB

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002f8e41e3384fa749ac47329e409d9909000000000200000000001066000000010000200000001b2f335a6e0a8e144fba56ecec93b933feeb105fa38cb8c86342f00688b4031c000000000e8000000002000020000000eb4781df60c9a723ecf19a496b294e98335942e61f141b692132d3dc9e70361490000000e12fc611ef0758891b202fef7c1e4dc908bc9afa88b3de95034664079ee72f3a97b87b2eeb6cf0d1d7397f238f4e31c8bc3f3416a34853a48446b32744e54b38285d31691e57a71ae86a6122f429a8b592572249becaf809045c12efa6cfefda44cf649819c4baee0c0d6c8f7d956d3ec7b7f5a5e6498340d564a5ea157f5c5d420d0ed2ccb323389f498ceacb9feaa5400000007800c51cd8a5b7185db561b640be13232142e008cced92c38e1e9f4dd0b3767e042c8fe4f232e2c85f35114ed72b2b3e258a4a4497f46bd187e4cfb6809f4e72	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d02b3e4ef0dcda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002f8e41e3384fa749ac47329e409d99090000000002000000000010660000000100002000000007e07a891c06e2f1eddea21ebe35533c4847793a10f1cc44e7f96d61ae01b4d6000000000e8000000002000020000000a9270ae1e8c613da943806a8512babc0c7ceffbb4fa828685594f14f8dd59e0e20000000b5a2f8e96122727c7fe3e5302decf07db2fc6c749bb777b61fc1c888056fae9540000000aaccf8af3ef12a467c5e303abda013982c02f938789e9157025bb738376b6bbb17eaa14bbfb9ba8d1e9fd134224298e8931a9eef1f598df8bd6d852e1b4c778c	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7701B781-48E3-11EF-BBC5-7ED57E6FAC85} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "427894594"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2348	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2348	iexplore.exe
2348	iexplore.exe
2780	IEXPLORE.EXE
2780	IEXPLORE.EXE
2780	IEXPLORE.EXE
2780	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2348 wrote to memory of 2780	2348	iexplore.exe	30
PID 2348 wrote to memory of 2780	2348	iexplore.exe	30
PID 2348 wrote to memory of 2780	2348	iexplore.exe	30
PID 2348 wrote to memory of 2780	2348	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\674211a6f80f01d502844df66d20eff2_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2348
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2348 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2780

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
56afd1a08e1a57a3203067136890d9dd

SHA1
0522c42b24e79377f03736f97c98b19369563f16

SHA256
251077857cbbd1ef5568f7b9c13bcb3131c8c26d5207f0df2247161d8c4c2df9

SHA512
e29bf24c88fc2aa6ab9c4bf78e5fcfe3e4cc049b97e7d00892c8987869e6efc3bb1828c4838c1fd1d668c2f5d75269dc3cc52db27b8bff4c2c89b8930dbcbe50

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f124ab84a24ceb58adb794aa6660d7a7

SHA1
b1bad848c8fc0e4ec2b4153af088e8cf37ad51dc

SHA256
070ad6ab4f10d5eeba9e0e40c4070a8ddb7432f87167699ee1222e8fc0f1e7f6

SHA512
df135819cd7249479548fe817707716dd30a1aab08800f0b4f09936dab6af33f5acb9cacba269752d3b028b7d4108d31a24c38a3be58ecd9bb7829071ee74dba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ca8eb32ecf6ca699cd7c98bd1ee6ea5b

SHA1
86313f63e23016089815817fb46a0cf09ed15bef

SHA256
db696c122d495cac00f9f484ba2e21f9bd1eb4b63da1f1d1ae0b363c672be524

SHA512
77e22cca3cd9750f3e3eedc07a80ea327df46e66866a92e4b8f11840164ea3eaec00358d88a0506c0dbbab50859f8ae55ae41430f49992b007b740d399fd4ea0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
664d524a2b27e8175bdb9fdff9c672dc

SHA1
a74d01fa2cb13ed496a0924f75213388bda1e969

SHA256
1038d4a4304a6e6b32c82135778a7a46c14075f07d3e0b979707c3551528fa7a

SHA512
8df10de2e2d4b8d0ec2ae5c48958aaf5a906818e43a3341b468c734758e0faafa178fcda5cc5e67fe8f38903c6af4ae8b2ba3bcdac0bab2d199d0ba2c803518f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f6972197708b394cbf4f16e197a229d5

SHA1
afca8cad0e883467cd45737c2031c7b008d8ffb7

SHA256
cbd717a0e9c2feafa57011a28bf6cd9e609bee3119f91d3d2633359f08fbe003

SHA512
3515bbae7b8f62454b819293dbf3b37bab9e7e337b56198afba045b057d151eae2d7fd361c7716a202fe37466aea5fa77be88bb4b4a6d7413d8b134ed0dfd0cc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3a31407a4368b1a513f68e8062ae58d0

SHA1
d76fa4612abe7fffee3da51fa94f60a622e8ad3d

SHA256
91dafef510463793311edafe1799840cda16bb3bbbdd7b1a27cbc2dbe62ee14a

SHA512
45dce454dfc6c6199329504d50a9825d1fc15ca2b9a4f427fa39eeec3c32ab0a0a2b540c71852efafcab48cf0973e951a27ad71e7715a8d1e0fccc6440f4d399

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7bf5870c646acae83bbee8b32b4e7156

SHA1
d428b4a604daec0cbdbd384ec5698517d3cd6b5a

SHA256
ca40008398ff1c5c778d5a2850cdff04bf83027ad7d78f18ebdce5365fbf4ea1

SHA512
afc68fcf2c4db82f75a212d53064fa36d464bc8b42a13c763ba51e578e481efde206ccf38333d1d731cfa1c5c2a23150e8e39d3706d76a2bb10d3693a7d64182

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
38ca67d43337af1332b3b947e2481b1c

SHA1
86595557a01e948f62b204209e7ec11d1999ccbb

SHA256
de2ebd65259f74c770ebbc64398830437c7142c4a0bfdeadb15aca4b606e0a2c

SHA512
551d878d99675d05f15940819a088fe6a9a700a4b7c52efa9b893365de5a20b1c34306ee98f5ea1ca2430f99d3f1b4f9c3ee5c5f76af7c36039980043219d71b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c1b559457654bd5e8494fc19d73b7aa7

SHA1
07381fa8481d48a6ee0b7cc4972e1a0813a359b2

SHA256
1477c647f31871c128f6209c87ce503dbd576aee84262bdcc0a367a7e0c7e123

SHA512
9968ec60a3e882e0eb117cf7494fd5abeda62ddd78adc109f3623dcef77c16795b79ed768f1a4c2fc7e2293ec64cdc66cc53f6d86e03f27cb72542ac5f2e7096

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e2cdf1ee5aa1645c4a23270ee268fbb1

SHA1
723bf668cb60af23dd28d984dc294ba44bbb8678

SHA256
c68e9397e02de0fd351eac6ef68e6a53b9baf7695e4bd7479076f7a6eae1fcc7

SHA512
e28a3e3506aa26bde41be21c28583c314bb6c50fb6671e1b0f5749e78cb50a1b7eb328d3dc8cf6a64ee19b1409fc36791c7136ecf58ab91cfe0d026cbcf2c192

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a9f06ebb7de024e6bd0e74aa631eb098

SHA1
ee32374dd063d862943de3125a4fa669494495c2

SHA256
37d780656e9068b9ea508cef8a29ff930f3a9b2428411e899dad9062ac076416

SHA512
1d08a655fc02a17581ee556b9c5caa6a647e07efb11aa95a57269065e892d73243894ea1e9e5227de5b36734044d87d89f14f6f2b333bbfdea102279e1967a9c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a1106529465df7565b7e6c5fe83c4a86

SHA1
39e0961d63a53ab7757b3b84ed5637d6adf6d159

SHA256
aad8ea43a326d92bf49a771fd57db9c7021ce7acf868e987ee26ddea8c42c71a

SHA512
74eaa62f28e51c7133759b00b4a760e6eaa41750fddae19b0b595e2851bbbb07138020de77f59959d1daae6babefe0c4ea6aa31fcf96a45be239ab7e4b143b23

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
954111b3f3d55a443e5df04e1b7fac08

SHA1
81f8dd5573fdf663834afeafcd05189d359522d2

SHA256
85e1048bc7bf179b189487879f409559cd89e006e725616d4325bb7466a79a10

SHA512
b3aefe0470d4d433c7504f1811ef9f8d8578e29f9de34e5b900bee1a536b3935fefffed63ac638a2e2937aec1270600cbda5e7cf5099049493b2cdf2c09a6fac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
576c2d9ca41b7e9c81f95d9fea51501c

SHA1
0dcd9bcec90d7eb2302a6eb1650ee3e7654ad75a

SHA256
49ea70271183ae65057a40d7fba9f6876c3e076d80a8ae170e003965af7b98ec

SHA512
b672895cd8e4a22edd4f108958d9939a0e2721f5ab20c8b30685cfc59fd9d3eae23273e1bc4454c1ebc331878075ca08ca6ec51fec97eaac647ff07364c11d9d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ff77e50f84bed14bb4a0b81b0f367211

SHA1
0cf6bd330d769a60199b247668b157313f9864cf

SHA256
056490320f6c29c93c4327fee7d8b70c4c02dceb22cdd26ff868a8f1e2adfbbc

SHA512
40d7ea8272f4e62616c936978ab25cd21d01e1d2f79f8de3f49e1bc411d03da52b2efefd7abe9bc148de016f7c72f6c794fc196419290a69b2b4835d4d4c888b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8aa8364a78fa0a1bb3939dee717e075c

SHA1
93d09412d5b2247af4b0ea2d056c08ba2b7d7751

SHA256
52dcc6ac7450a7de42e2a5358ccf60783429230f79846cf5f6a13e3951685994

SHA512
e6e27047253e77057974d3ad82ec4f57235e6b0346a708c48546fff4cdc3236fad8cf20b2e7b2aa9aaed8be036f14e7a3587938ae365e2684d1bd86caa59e1d3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
41c40a946ef8bc90501db88dedbb86a0

SHA1
77b9277c3481a22915f7a31ff8c9135f91e97ae0

SHA256
48c221b53da55adceee45fe21b22e4a05dffa38d9b3efdb37c379bbba16dab31

SHA512
16d1a3d813a01d135b577df9156acdd361722d079a6532f9b3b0fe83db10cf6b80000e7b8c820f06e9b3c703abd1ffed1cefa6340b7879c15bd171df325a8151

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab3B9B.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3C2C.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit