4f665120312c92106e5c0485f95a7b990bf5f925fe368d065bffa0de26e85986

Analysis

max time kernel
149s
max time network
150s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
23/07/2024, 12:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

67a4d5b717f56780c457e16d1509d357_JaffaCakes118.html
Size

123KB
MD5

67a4d5b717f56780c457e16d1509d357
SHA1

2de41c79dfbfcbca3c48186b820e492e63f96127
SHA256

4f665120312c92106e5c0485f95a7b990bf5f925fe368d065bffa0de26e85986
SHA512

507674d6fc6b8bcf2e0115c2bfcf50982d622174ded0ee35947cfbd83d395be59e7e79718f959e6d926b7202035c9efac9b12a87d33419f79e214cbc8fc25d96
SSDEEP

1536:KaaRj23EiTheiXpRENXwesCGkLYTuW2VAH:4x2U6zE6ILYt0s

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002aec918cb9fa9248b7812ac80df2e74c000000000200000000001066000000010000200000007f685f8dc10c94ec45c33ec2707a50eafc7370b0020cae28797c00688babb1d5000000000e80000000020000200000004c907feebbc4982256938e53270368e1408d0865b9f58680feef8f738fe818449000000052beed39e7f90178b42f091a66966907f8dc6e15a12537b0bb3a67bc6c161d51f21d3869a51b52768f99ec324b0c96836d100f38a8c69e16398e5080052441e2aa1f77041ba54220e3a4fb85900bd2449835ed3925e9b3d101b1f687d8a7f520aac8e291040c953bda8b378d146b4225c935f544492e45bec8ba8da932da109e8a514aa6e4ba6d5e4fd047e41974a12d40000000d26829d5bc13e4bdeb3144f1ce77bd51c46cdc5f0d1adee99bde01e8bc29053b74b5e5c3167c119a43c71a68c8fb6f3035e17667e3364d133ff4c99ecca41acf	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "427900583"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{68B21C21-48F1-11EF-AD79-76B5B9884319} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002aec918cb9fa9248b7812ac80df2e74c00000000020000000000106600000001000020000000267ab48b911434d3948508d5ec4b4e9b53b1615030a97c736fd0954267a2f921000000000e8000000002000020000000c59e7ea998d0b50620751fbe19bd453c5f03aa45092c7f44ca9060d21f0d2aea20000000d41a6ce2202546f7d6e3b212c6293aced76fc435c3e46240bd3ae0f61557966040000000f6840fa1bfcdaecc5365faaa9d4e56889db09d5697a8324ad63fa37c3ad51cafad27ed33379b501ab47a687043f299bc2829cdc185c90157058eb85a422aa7cc	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b03a6863fedcda01	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2604	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2604	iexplore.exe
2604	iexplore.exe
2304	IEXPLORE.EXE
2304	IEXPLORE.EXE
2304	IEXPLORE.EXE
2304	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2604 wrote to memory of 2304	2604	iexplore.exe	31
PID 2604 wrote to memory of 2304	2604	iexplore.exe	31
PID 2604 wrote to memory of 2304	2604	iexplore.exe	31
PID 2604 wrote to memory of 2304	2604	iexplore.exe	31

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\67a4d5b717f56780c457e16d1509d357_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2604
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2604 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2304

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
e98d4e7b2b78b7477812cab0705b9ccb

SHA1
b9f1c4dece921fc39e160f595f6563b8c6cc1731

SHA256
1836323a643f4ec49f9dd271e95eb7b47c8a02a85cc2b6d344d2c96bac1f758b

SHA512
53edbf5945e1cd45209060132042f73d56f9b94641c117d90d9e01df3f314918c6f9f489987b992b70de2f1f3e9a0e93d89974eed7dba24d430bbfd590c86c31

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
d004fedd2dab0142d861171f2e5d4353

SHA1
9739aca9951930d67d4ae77b04f631c16b71f3c1

SHA256
e102ec7519a74736f41e0d52f74c4cee989e64e835d0e369c34f5c87e071736a

SHA512
fd923c2b9457acf7c9864731bfeac02457d9868ee9d65713f2a9c462bacd043f2d63e1507105861162d14724f234e6997199c243c959820fb5afc0f62b08f9ff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
dccf1b9ae000954446c00613ff374cac

SHA1
19101607701e654396b63f0a5d2b56bc9d86a601

SHA256
c0c7c64aaae92c60828c94fc8469f294306392c983442a01ddb9c934b1fbd358

SHA512
3a82c723cd5d1e097707b790c71a71ccada3b4742d6df989773fb7aa55ff246c33c0dc79e22e97d9838f0cb38fc26292968557db07641234678ccf4d8e84ba99

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
677309168d9d0def3278e9fc7378ad11

SHA1
29024c0d38f2d17fb921f9f1e508ab3c83934288

SHA256
f6d59ced447e403038fbd751e21def29c1a9727749ec54d8dd1cb06e9b6c9bb4

SHA512
bbe71ec1d2b5eaa74ebaece7d23aa4bcd4e6b3d3a8e3db3b7828db207ae993a2ef354e9a5d3ff2764d1f9c01d524c2c80270945c35aac0ca5432433951c549be

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
79cd5fff2d6d679be7827984dde120fc

SHA1
4b9d0fc9e3d5041f4f15e4862f11362c9b956efa

SHA256
9f71c5c6d95228f7978f85941167eb27190a434e80047b70b2701b7907665c17

SHA512
859c59cb02399f0b11bcb1758ca29471e205cf8c63f29778d9303a2dfd9a6ec7a9cfc2fc7c014ac9d1025e81001a5eea718e07d62834e1be8c8093455bf6731d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
7c883e31466ecac283bf1f47ef63379f

SHA1
bb0b6f38fb113270b4ebb51e8eb0868f97b3014e

SHA256
2603a7d86aaae2700a03abb9c7b8fde2cacc8050d741a206e4a52398ba956ced

SHA512
25ec571c848d6c0c26c466cc99e3d161da9d02712b626bec5366f325b44785e0b0fc3245c4ac3e7346ebd7aa80266289141537ffe0518e2c45ac85ff7dabb7e0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
10f5a8ba9728d295b8c0dbce2f769d88

SHA1
a23c3d8136992c1a59b76359d32d1fd10a97fd65

SHA256
8273ddebe465b1e4e3a2e19f67362090c216cc53cfddacb83c0a4e9d22a6c4ef

SHA512
720936eabe13462a1fec8dde94b32167ec8f5e0ef95db4dd1a85c003ce40258b200532b5903fd0d045e05b836af8159e9158f9a967eb653c7f004630d0da9d32

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
f66629255f10c2b0ad34319eeebe625c

SHA1
441e2425293d4febbaa9617b73b6bf6f6152d3c9

SHA256
9cae6120a77e3237d29c7bc1c864f76a2a703799a6f731fa3bc3dff00981a0c2

SHA512
b3a983bb002df21ae5cae458a5c5a88a6abd7d09a28d36460374fb81c8275831a62385714a365b66819ea12371c1be4ce03c467e4924ae2d823b79a3b8c71cb2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
efdacca503cdd84f67508c777a9cbede

SHA1
df625a3e469800e10fcd22262961b6e7f2d31f31

SHA256
4bbb5d5a41680e8f8cceeb3ce69e9db824999834225501a2398af71ea2aaaac1

SHA512
02b78782ddf026d7aa8d62b1173e68c286facf73e7a9e5da2188c756b941c300a6e7ef7defccc3dd5b8025564518a6c3faf7524a1769068a9623d6d202434057

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
329605fd6b161525d38f22ffd5f2b5e1

SHA1
f0eaf76c3481ac527c9b54bfb58a96e29d760a95

SHA256
e0527d08b5b0fb70f542f04d5378ab232095ff04fde724b3777dd4669b4c9ce5

SHA512
035a4748900d08dce1b83617ee6232eaa2a6fa64a8b46fd1dce55a9f85a98d956a90c44cc40711224394941d1f837570d65614727d2df3ba37a64a429056b584

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
55eca96d583f0eb7e98bce16aa37b986

SHA1
b2b1fc8e4172f2e753cd3c06b9ffdace9aef4c85

SHA256
7aefc18967818f561c7ea759ba5139587006c6b04a3690144320250562550c19

SHA512
1cac4068aa2a4c62fe4fd3cf39082fe933881a262d9d7afc35077d8d458936dfdbf73e0e38b5f0e754fff69bfd152d3c909ef39ca34bab24b6e200896f011c4d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
b0650276fd9a02f49e8b53405e9a3eb3

SHA1
777f9ca7ea524d32385387993c881a6d654297cd

SHA256
884c1dee678fd15a7b010bf68f13c99c75edd8a42edd4de07b81b2b78ecb70a2

SHA512
a24f73da1c127a0072ce9aa0d9c09c275f484cb2b4360be7063ef9a143336f1c7b2d0343fcecab5ad12ba08f904bb3740567330d95b2a09974db320e89a8359f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
95723515d2950b5dc4a4160c73af83c3

SHA1
0dd037c28d7eb4d8e10e5699fa95bde5de1eaf6b

SHA256
4aa0e243d460b014fffdabc9c91390a93cc212b38ab0c748a2526a8d4264554f

SHA512
df091953881bbefb159cdaa44491da66e786fa45abb485d068d9ef0a654cd5bab69edfc4f636f27cdbd4cb013fe2713e01f883b4c164a6727b3d8ada62883da5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
71662562fb73de58709b9c5dfebee134

SHA1
01d449df95c7ed8212fb9069d57678038363c7af

SHA256
a33dff0e22057ab37ec4586adb4332621e161c64ed9faa7821b7c2e3df179d4b

SHA512
3f9095343a5357fdb75286da424ce5cf22690cfcc77a6061a1050b2934ed970a7326f852239ab920e52a6ea198fd277ddc92d71a9a009d7f985b53010542cfe8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
7dc427a9bcb407f518aa0a0d7a589d7a

SHA1
0b0567388c8262f126cf39c40337498fb1657693

SHA256
5c8a625ceba2ebf6a2504c310942105fdedd2a1355b239dea48d1fbf122406b9

SHA512
03dc85777c98dd49c30582cd4905713ceead8324d398b013a088222db0c74cadfc8d73fe40205fa4018d4db75eaf924903ae73647d054e57a85e17627f5b6a37

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
53be44b6c17778f82840ebde66a6d8d2

SHA1
da217b36896c06389c3ebc72add11e09491f044c

SHA256
ee270ee426443af389777223db0da1c899e2570320b70e8e985ca1cc48b2ffb5

SHA512
ec6d145c88bf6e62cb9ab0eee15f9897794be88f0d6cc891046d9d49ffa164d99ed8049e6e0339ee92e84f01e13ca18074db061cc9aa93a876486c98223b7b2e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
6f691effc1d33636780f120a7f8e8a24

SHA1
858f5d9e56f93f465d0d06498c7801394ca985c6

SHA256
e2eb5326dd6bc8009ed802c3adf665b844365590ffc676cf3ad017087affe981

SHA512
7aff07ab549ef33ce5821289b779074dd29d7451e33de07d81bf952dafcb06ff7a98e85820ef38d6b4c02a15d0b4d5a978fb61403ae98b099cf505f0412c9a0d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
3fabcf35c736fd7d105660603817bde4

SHA1
490fe12f3b67eb16dd00318ab1b709241c7bfe8e

SHA256
7ebd6a5187b019c61aeb011a5f7d26df8c0fd11c1c4d93781cabbe1a5a6aa0e0

SHA512
f0788e6f32130f8f10dce8d6ccaba40ccbedc790e4458b0d33e99e54ce6b294546edb4ec41dd59167f62be15784e6253c5956e00060ab68700fb3dbbae051c50

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabD1F0.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarD1F2.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit