0db79ec0e23933f950c0ffdab5ed9a5bb07b74d85d38273fed2d8ca704e41e45

Analysis

max time kernel
150s
max time network
144s
platform
windows7_x64
resource
win7-20240319-en
resource tags

arch:x64arch:x86image:win7-20240319-enlocale:en-usos:windows7-x64system
submitted
18/04/2024, 08:42

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

f7a68e1be976c8a4be17b38cd4c33a01_JaffaCakes118.html
Size

30KB
MD5

f7a68e1be976c8a4be17b38cd4c33a01
SHA1

939b06a34a93fbb35200eb3253695827720d3079
SHA256

0db79ec0e23933f950c0ffdab5ed9a5bb07b74d85d38273fed2d8ca704e41e45
SHA512

d8a89d4a25a2ace71f8dea23d4292903fb7f9cc6b87ca28a354fd26cdae32df702d9d3850bee45cdef04ab5085b47718b700959152375632b7836ed0f3f7a2ca
SSDEEP

768:4lJOorwcKhsHnsrz3BcaC0yiWht46HQVh7kMCu:4prwcKhsHnsrtcaC0yiWhtlHQVh7kMCu

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "419591641"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A427A4B1-FD5F-11EE-A699-5AEE7C6D1260} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2524	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2524	iexplore.exe
2524	iexplore.exe
1800	IEXPLORE.EXE
1800	IEXPLORE.EXE
1800	IEXPLORE.EXE
1800	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2524 wrote to memory of 1800	2524	iexplore.exe	28
PID 2524 wrote to memory of 1800	2524	iexplore.exe	28
PID 2524 wrote to memory of 1800	2524	iexplore.exe	28
PID 2524 wrote to memory of 1800	2524	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\f7a68e1be976c8a4be17b38cd4c33a01_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2524
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2524 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1800

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
70b80c132b9e55b86553484f23e81ae9

SHA1
7078ec5fcc31bf7143c326532bf0f761a91770a7

SHA256
1a434ece7248c70785acd78bb360219de2fd1f55279521a87b61d1ea02490890

SHA512
87797d54ee44f834651b5f03fe3692ac70424fb78ed7d2be43728bb3f3c1fc9aa2222f232eddaa630bc40fe73bb286645a0b51f5682356184e396415884f543e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7dcd5e511e7eb814ac38067eb1b5a6bb

SHA1
b32cf6aba64d115d65a8e4b117076a7ccf686de5

SHA256
3bca7d2b54cf03670fd03e5e5a05350b2b1dbf8a8f7b56476eccacd362a8e75f

SHA512
f4c708748de4d14d22d5075084f89f0c8ca67feec888cc184922dc2aa4c389cc4d88a75e8fa89cd1d6bbb2f770c307dc7ec9987aaaa0892ccbcf3d33fd242361

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
456250a1e8966516fcc2946887b503c0

SHA1
feddd89168916a4da392bdb43c9f9739949d5f93

SHA256
704aaccbe67d9b8ff736447e3181abadb0fc700922319362c858c0e10690a58f

SHA512
dee10b1458f967d0a0c2284c653725471a226a2592360c9018f76e10a388edac6225cc21a47ecfdb6476a53fb21c81096d95cea95aae34a996472a9164d0c5bb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
17545dc1dc4b21257a12eb1267403d1e

SHA1
9baaeffbbc4b870c3c734abdf5b7df8a35f99064

SHA256
4d3f7a6ab3816c1a4c0371e55bd360ad52664f86276da5892261c4985ae1fc78

SHA512
bde1e4440220b13bc65f57e3047117aaca88ffd67d8690bbee5fd2021d3b8925b714038c32ee688239f41754c88e47c85fd3dc93f3762e89241c41ab7365b2ce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
25824060fed95a4867a04d3a23f19967

SHA1
04a1bfb2f5c8084d45c3578dd23858efe54de050

SHA256
a90e2cb06791148869310753685d1fa640fdfadc0cf067a7e7adc0049dfa71f8

SHA512
0da49d696ef64b81247e272e6d73c6a19b8e7846c31fa1bbc86158254010331fcf4271879c8261e3a4e4b312d85699cb09b010194d7cd76c66dc093201a05dd3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5895e51ea765a6c93fe4d4b492c66479

SHA1
e1e085e357cd669740b1dad584708629252a768c

SHA256
93ed1d64679fe201044986977d8aabfeff235999f7bd489858d19b834e4d93bf

SHA512
e14c132126597356933a94d7880b5ab60a925205273b0ac1ea1d6a446a8aa51ea13a12539b6d6be00a1b207f6ca4ec7b2d3054af492ff20cf422b303c80508a9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8b4f2f43ae89d134ba27eb288d40681b

SHA1
f17b8cea59b587950b92f806a7482691f49a792a

SHA256
3a931a068a4a021267e4e97330aaa6c490791d201d10e511111f4b8355dfa8df

SHA512
db1d1f5e9a1b648791a7559a9467a62a9353d15645e04f455a702ad5e4a86cb86ab2c9a8fc36ffb9d9f665aed25ae7f73ab4f58a8280b8a5fed436a76f2f7baf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d1d2e15e5cd1e22a2453209baf259b18

SHA1
11f88541cbace8c6212792b39a5adc8d9ab86761

SHA256
b2de2dbb20048e70677a49aca17bae9ebc386895f750b85685cd112bba4a577a

SHA512
1bee7ee2133a2face153d42a30ca8778a9449f87ccdd2eedd4eae221e5e9bcd9f2a478122ba1c4f1d2ae88ec76a05089958f40c65e5e32646da726d98bbb0940

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5f4ab3384382ec00aeea0ce46a9d8f5d

SHA1
390fc3d34a7856fbf04f6e133f8a00f3ebde7277

SHA256
5a2b271394015e6da41a8f64bd9c88dfcfc8559b4c5245159b528d1e4c366ba4

SHA512
177267db727563d97e46f4c593060eac70688c083f3633c19a8fee3f7871d37584f46b0595429f9cfab94ce079132d5ec4d52126ac1d4d195428adc0083e406a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9f79b6db357326918138604d4f5b3efd

SHA1
edac3409b8f325fda334267d0c04b8b1a8f14b3d

SHA256
0e3c0aed5dd8f7ca394ae95e98a7f71bb3206884486dc7280e1345cc19504faf

SHA512
fb42cff19e3e0d48723a081b8b3b0cd7153908f3684f38ff1ae73fdfba70b3922b4ac92bf7b7d0267e51a6c514f0e0419d3d218c5912f3d8e7839a15840ed2b8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
49c43611627f68ec7da658e12133d25d

SHA1
ed8609210ea5cbe5f6650fa764da97ba908af2e1

SHA256
9907fd85489bc41101a9459df4ab91a1183477ef5f78571668e41e91ee328471

SHA512
fc3634da184b147607cc8cbb7d776a5234aa9c79e8110460f93c9632f2b14140f41132cb0ae0d2c9c21ea6e8d22a3d03b0caf1acae3bcb39a4fd31dd75e53856

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
ed15cac6b14473b49fc912d02f9215bf

SHA1
3af0155874083841b16a55af790b079bf2234c47

SHA256
c2e49f38ecd1c9bd785810536a35cc8485383cc84147bc7a463ca819e714a9f1

SHA512
e406e1b1a3912abe0969705ecbafa29fbac7faa2db624e9945d92c0d5cd6d7c9bb809e8cdc49999d71c776fd628fc24b7e26cd289336ff2d907eb6cb6c8804d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab3C57.tmp

Filesize
67KB

MD5
753df6889fd7410a2e9fe333da83a429

SHA1
3c425f16e8267186061dd48ac1c77c122962456e

SHA256
b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

SHA512
9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3DB5.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit