1b7095f9a2f2df91e80898d264ed34f6b4e938baf8cc706c8643eefb88b5d2bf

Analysis

max time kernel
148s
max time network
148s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
27-04-2024 22:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

03c0a6908073cb4bf12ad2f4b2d68b10_JaffaCakes118.html
Size

20KB
MD5

03c0a6908073cb4bf12ad2f4b2d68b10
SHA1

9b114f13fec0f75d3b8fe838a12dd015fb5a5776
SHA256

1b7095f9a2f2df91e80898d264ed34f6b4e938baf8cc706c8643eefb88b5d2bf
SHA512

6f0f42ecb7b785bf00a16f7ab2f1a621b800181695cbeed919c47502c6657e46ee0a4dc3f9fde4ff8ea5c18803064efbf61f7a7389cb8a25b4a7b6b94a249b53
SSDEEP

192:SIM3t0I5fo9cOQivXQWxZxdkVSoAIN4dzUnjBhDl82qDB8:SIMd0I5nO9HxsvD+xDB8

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

Processes:

IEXPLORE.EXEiexplore.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2CD6CD01-04E4-11EF-8554-DE288D05BF47} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "420418220"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

1724 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

1724 iexplore.exe
1724 iexplore.exe
2260 IEXPLORE.EXE
2260 IEXPLORE.EXE
2260 IEXPLORE.EXE
2260 IEXPLORE.EXE

pid	process
1724	iexplore.exe

pid	process
1724	iexplore.exe
1724	iexplore.exe
2260	IEXPLORE.EXE
2260	IEXPLORE.EXE
2260	IEXPLORE.EXE
2260	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 1724 wrote to memory of 2260	1724	iexplore.exe	IEXPLORE.EXE
PID 1724 wrote to memory of 2260	1724	iexplore.exe	IEXPLORE.EXE
PID 1724 wrote to memory of 2260	1724	iexplore.exe	IEXPLORE.EXE
PID 1724 wrote to memory of 2260	1724	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\03c0a6908073cb4bf12ad2f4b2d68b10_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1724

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1724 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2260

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
e694f03e0452122e7bb544fb0375a9f4

SHA1
70827f98db82f1691b38889d95bd5305de978c2f

SHA256
31724bed77789c6f0d2863578a05fab114cfff28e7d9479d1bfe83becfd2028a

SHA512
ad4c062356002c8e13e92d5211fcae4c648556503e7c2abd3c3f71596edfc6b5d59b6e8e25df61d02a0b467e534c740657a936699eca29540ef0a915624bbb51

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
4719d28d4d96996d4d9b428402717f44

SHA1
8fd206c78c8ec2c62b48e5a88c3f4cba2258d538

SHA256
1802933fde27161f46235941cd2d15da83cac4cee4584fb06a3cca4007677f71

SHA512
75c1823782dd501f7873eb02ee519478a53d3578f2ca05e44c9df9dc9029d711a37f82e362f6088e8adc399b925d6cfa4d42e47ced6019eb98661249ab5f6069

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
5b90a14dc429eaccc2220ab0e2dcb6df

SHA1
bf4d00742d52cda77a9fc7c16ed24c1714a9eec3

SHA256
77463aa472ddbb3f08a5d647b7468cb155667c110d2be67fc8db6573fceb4e63

SHA512
e96ab2ed6deb320925cb6648095114661170477e55a9488dab76aa9d85dff0df36996b55df3a2f8fa78b23f86f94dcdec5bc46a942abcc26a45126f840745706

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
7100ac8813a57730982d53e66c4445a9

SHA1
409b394cb0eb015c344b8f89af3a5e42e430c954

SHA256
2d2e326d5cc393b71077f699f4c7aad1cc8010a8060f4adc5882dc28670e2f0c

SHA512
c8fa0121f1d219252eeb2f007434d9161978ef22bc0434bf6f1543cbd9e5384d0a48f54e63e6ef0b364fb7744ab7203ab23511992d1bcdf559d482dcf71130ae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
7f0fa56f22e29d7e5e273b3e728ef943

SHA1
5e0934b689073835976f1074e84a57f93e1ba9ed

SHA256
e4228b967e696878547587ddc29ce95e28c7996c2b2250a0cf505e553b099eea

SHA512
6495613188e4cb506fee971d7b7352f62e7bb9592ebc72cb86d5b2b93c9f5a29f052b0cd59785ce7602bf62760338d33499b79a18c6202129d776d7b6c2fe173

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
ef8678143f78273dbd843a307409f0d7

SHA1
3b3f8a2e7cebfe05c096816e595257dbab3986c4

SHA256
2b67fa4ce662c877039eaae5717fe9079e9ad21d6cc2d514a49105f842251b8e

SHA512
51c6ffe5ffd1bd6717eeda6b9a8fa3e94cdc100e359cce1543d7c3932feb604999047d738bc61c53dbb62e3cd9255b8daa73a6b96ce75a46ae2fd556e505850e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
ad60e3662538dfbd2048c536eb6d44a3

SHA1
5f12ca595254c8f16bb0a9fb632a73cca76bfa8a

SHA256
40b6a267ebc368e6d760ee5d1df58d7288f86be20afbb89c6926731af8acd667

SHA512
3bb49e66af6c5c97b86ebbc2a4840e1b16bc08d9f987de8ee625aad2292848798f78065dd95037e2843e91180f3e85f0e73bf7cd5765e21755962abb488f932d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
94e98fab3bfa26b3e70feb6d47889a2e

SHA1
066c0d0cba396f703e71b64cd2bbf23fef83e783

SHA256
955cdf9be4df3384f89b19512dac27115fcadc65de557fe5cf9b3782b5dee2ae

SHA512
9fbac052f90ed8c452c04e7056c6e614d59e6eeebcef3bba3bb4970840329d16eddedabfc21258cd30dae7c003c9c9120fa9ca3ee5e9072b0213f52c72bf81b5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
bc72554de9d67a88fa67fb5e698ca650

SHA1
27c6c35db16c27bafaac048f3757ba7a8a99f732

SHA256
1b76098dd14450567a68521969485757b401c214f720516bfbc0c3ec30bf5f36

SHA512
526c93e61fa694dd466998e1027ddff07b8901afe35d1bb840d59ecf10f8bef8a03b1490771b79ef7b7cd09608aa4cec2fa4601f8c93102ca088dbee6b20ced1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab984.tmp
Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarA56.tmp
Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit