dd2aa599a8d1d2e600b4d8eaf2c006aaeb29890adaf61ac5cccf736250b7ed5c

Analysis

max time kernel
119s
max time network
133s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
11/04/2024, 15:47

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

edc83d8031fc918b139c167ae85e0a45_JaffaCakes118.html
Size

95KB
MD5

edc83d8031fc918b139c167ae85e0a45
SHA1

00568da9ab5a3898cce97d0a3dcfc6a0354b831b
SHA256

dd2aa599a8d1d2e600b4d8eaf2c006aaeb29890adaf61ac5cccf736250b7ed5c
SHA512

04847efe863123f6d3d9e95c0ac13825b85a631238d8ab2773be97c9873865990f213b525f76bfc5728cafafc8709e3ea7b63d0044a036cadd78234b23293702
SSDEEP

1536:6llaTVP65FMsEhNiNOi/s5SWN2YNhvVwDK:6fahSH3goI0s5b0YNBVMK

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C44DA0E1-F81A-11EE-8698-5E73522EB9B5} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "419012303"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2808	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2808	iexplore.exe
2808	iexplore.exe
1392	IEXPLORE.EXE
1392	IEXPLORE.EXE
1392	IEXPLORE.EXE
1392	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2808 wrote to memory of 1392	2808	iexplore.exe	28
PID 2808 wrote to memory of 1392	2808	iexplore.exe	28
PID 2808 wrote to memory of 1392	2808	iexplore.exe	28
PID 2808 wrote to memory of 1392	2808	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\edc83d8031fc918b139c167ae85e0a45_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2808
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2808 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1392

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
5e624c596e6aee015e97648a9ba6093f

SHA1
d17cea685f8b7742ac125a4889de2ee77e275850

SHA256
add15d04fd9639458fe0d6171f4b6aee13135be1dc02d56d8f7f45760bd17f52

SHA512
b89fd67615b59500370590b9dbc4df72db0d3ec439f2b96378c7ab28dc8f34cdcf508dc258baa80f92e95941b744c1ced079ad85f8bc6a945c3a60e86b1acfcb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0be58f59420697904e8a30a816d2be7b

SHA1
97a6833832094f19789f1da6d728a0c72e2aa050

SHA256
fde236128bcb64076ef6791f7dcf38c2a1349aaef78b20557d3aa180fa279448

SHA512
978f317b85d1483da1e7e396f5f45bda952df871f91fdb2416266631f3ebd4fa23880da2c995c4dd59078955d3f9ab64f058b2c627ce0cfc78deceb1605c3449

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1f58bc94c2727d374f52c203b2b256ab

SHA1
99174958014a7bd6258bfcfa55a96bb2f44c0aec

SHA256
6358653fc9977b70f6cce03317ed6e95ae2039742411b1d049b8d23ea8077229

SHA512
2b82163eb80746c6a67936f43e8cb9896bbb23ad25099679a460edf4e02753fa0ded1017c0ea85082c162cc965711364fdf4f52a429ebd85be66c26810f070bf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
529933ddf17af206897b0e7e20ea59c2

SHA1
66993441d1dc1bf29bb71b7c47e1ade206b9a5de

SHA256
894a0d5e49fe262fb4b9dfcf69a0f1719bc97b9261a12c7ce23b761917682c74

SHA512
22c0727a8843baffd9dc781811985a6ed8777239ad550c87b223112c7ac3665559e335bb7b9c88182e314bcf4b539b2638716998edd0e71d3890e925953e6b73

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b9ede8583d4f2ab7afb08c328ee04e82

SHA1
2dcc250e35f4c2b9ae3f355bff048ec645f165a2

SHA256
56efd838db931a7d0e24070c098e9a7afa2118996d2bccded6c1f942e87a20b8

SHA512
c9fce2f72ccb1eb0b22e4bbf4faad093917e36aeb169d98ce3fe6bdd4aa8fcc18c1eda87bade60931549216a4a059e51d22e2435605d4c468f53fd5e19b4aa4e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e3f5f07bb5b816c27b834b1158044694

SHA1
fb4ff70be5c884db0cbe528b4b2d6a9c5b3d0182

SHA256
8cb86e6c07cbef3d2f4836b3792416c67a6fa48164b68e09755ffaad50268aec

SHA512
cd7c7f78f2bdbe53c58e8d7baf82de42a2aafca29e895bf93a48f2a49b3ecac269fafb871472387abda023241ef7704b193b3d7be8f90add10b625324f8bf6b1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8a8385d1f181c8b9911042b953c64005

SHA1
b3dabb6fcc85521f9341957ec65bd6555d04956d

SHA256
a923810c16950c07445f2222e559e84319cf05524cfbdb076b8992bef379b332

SHA512
0f373c6161802018754184f76dfce3cc02dc9415036b92071a82a117b987d03a1cfa87d51f0d3e9f971ee8638263d38c495635ffa7409b401a7bbf6453c31e9a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
48a102d3d6d3924f1dac2c4991e480a0

SHA1
eb1586edc7f2c963236222734547d2c162152bac

SHA256
53854d6062916ad21031cd328da9b7cb7123f529a8ef7832d0284c2b16ac57ea

SHA512
2c99e49c6336d2947968c9f15574982310385748c5044bdb6f6094fdbb4e017406def7248ae1ac2390f74c79c8e316bd7b3611f422bcbf0a800dc589ed4e5fce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dcbc441cfdb8b59b8751f1f603e48745

SHA1
25eddbaaf874260470452c6fcdb4e65ef1fbfa4f

SHA256
a690fc1dd1fd5da50938fdf4a83e2e5bbb33a106e00f3e4dab63ff0a01781827

SHA512
9d4f37af9333516941ccb94b5f23a4d82a60c36b0d5cd3de70d2284493854df27ee301697e31e68de3ef0fa242e45c0570d58c30944a979298e3fbc2f74811d2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4dbddfc5b9e229b997e2cf0b25322624

SHA1
c56f7f1295928619d61a28ae3a954b7d95e21830

SHA256
9554820799b7f916b2ca7c39c8d583a3e4b8e4c356e35f8afa89f6a66da55d14

SHA512
b896f22b0027cf91e354b42be432082b0caaea2d7ea2a2a3ee5242f46ba14a79eebd693ca4d00e638033780795c0b37691b50d6925f72e9d1c8ebdfb99d9f69c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0c3329f92e53972d502941f61575791c

SHA1
7f2252ce35728bc522b8d9d65970081cd2f7c196

SHA256
7f2c5d3303ef456d377c7ade487c358ad127b350e516cb9e7272d766ecb116e5

SHA512
ff7589ae7e47272c9b0a8b3aa35aef44232639ea0c416a8d3f2b4262c691e127a28dcd1f8a9b8be86fecd72a950446ca5b9a10d89fad3d354a4beeef79faa2b5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
560bdc60fc83a4f6da015b425b5bf7be

SHA1
cef7eb53d18c7abeb2aec57e1f2ff03128c2325d

SHA256
34aa9c89f6823013124ddc9e32c3d34d0c4292b8d07452aa5f51ff9d33f6bbcb

SHA512
b60a400db841d77e49a9574f220b6c86ff638c58605f945d18cbc66e343e3cd67c160f36aabde0dac90eae34207ba6f426abc48d30aa5d5d427445b92c4d3c29

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab7771.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar786E.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar797D.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit