02fc04e41dfa1d0e69229c694f6266ca7f366d2dae7270a6f4ef9f82d09004fd

Analysis

max time kernel
149s
max time network
150s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
26/04/2024, 14:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

00f5b34ae2fbe2fbe7b1919aeea39294_JaffaCakes118.html
Size

33KB
MD5

00f5b34ae2fbe2fbe7b1919aeea39294
SHA1

998cb25061b2631d7058aaef4182686549aa0620
SHA256

02fc04e41dfa1d0e69229c694f6266ca7f366d2dae7270a6f4ef9f82d09004fd
SHA512

a0da071af20ffb88c45646b9fe5593441fad7922ef6fd4f0e7cb03d882457b77db7c3c9b66e8a2572bcd90a4e5186b5d7f133bbb1e86022526630b6bf3e533e2
SSDEEP

768:wK4xuX0yRj312UaIRj/9xxZHB4+cntEpUsqjmOu3N:wKuuX0yRj3VB4+cntEpUsqjmOu3N

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "420303059"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0B814071-03D8-11EF-8456-F62A48C4CCA6} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1712	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1712	iexplore.exe
1712	iexplore.exe
1124	IEXPLORE.EXE
1124	IEXPLORE.EXE
1124	IEXPLORE.EXE
1124	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1712 wrote to memory of 1124	1712	iexplore.exe	28
PID 1712 wrote to memory of 1124	1712	iexplore.exe	28
PID 1712 wrote to memory of 1124	1712	iexplore.exe	28
PID 1712 wrote to memory of 1124	1712	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\00f5b34ae2fbe2fbe7b1919aeea39294_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1712
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1712 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1124

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
97ae60d72852549742c9f41fc6dd0d91

SHA1
e8559cdc61a197076782c2526fc8e1a707146b16

SHA256
6bb758c5a20e65a74946389f61bdcd6151c86373e433f1c8594e2a4b90aaba27

SHA512
2365a8c3a1b55f0d3f4258e5bc3ceec3fbd9140176b3b2abf14613f14acf7879c596de534645a80ef7c3f9bf174b98dc3e7b18adc0957f74ab03337dca0f91ad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
12a826808be8a96e54261a5ca48b37dc

SHA1
9bb914c880571319cebdf741115407d18e20325e

SHA256
1cd5e87283f9ea927eb1e29a19b49b62be3738e560a654c907a0ae2f50e7147d

SHA512
6c32f796e26898ec0a9750822df0e9681fb75512c5d7c178b0fc2f4830ae4a60c4f15187859f8f2e3b38e50cd359f109dd6a5a3f1f94d0018dd2714068a635a4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a65d7222e97eca31aa3cf26b084879a4

SHA1
c5c55086f58c14e5d37611b8cb1a786b98a3ea84

SHA256
be19d16bfbdf0ea1af58125dd9b0cae4f4c1e59fe2135a7b59950b5faa438c3d

SHA512
fa8352528c6c268d99a4db7401cbe64c65255e785c4fd88f49aec83e515ab611b1393fa5dea3bf843377695d62c4e9f1b7f50ad4791c769497c62b6c73f83a1c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0283e18501754f150f3399bfa63782a0

SHA1
2877c11665c40a899c31852ba451d412d1883d4d

SHA256
41928876395efeb67788533cc72f458f64d3bc734dbbc44382a238f6a771587b

SHA512
7176d273e887b51e82eb349cf18f4471ab2a96de5b4706bed227fba42cf51ef41e66d7fc67587145f668b9827ce3023c4a509cd3b34652f181278a865802c53f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3a581500547fe8259621a5980f778e18

SHA1
c70d9fd131a95c98322677503c9f96c6652463b7

SHA256
80aa5b5516a10eb4405711ffd87c5a0d989e09b49676fd92ed32ec0d453b17c8

SHA512
74c8901ce27ac5f9c0384be9d0a1b5a3ece1cbb97db421556f9114556f6385b67ed081b0eda5c49f2310a9b404effc9331e2065fb097f08d1b3691c7da7a283e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
70a6186944c3798804c12210e20222b5

SHA1
0c35de7450d5b536f3a56d348705df73213a0a14

SHA256
3fc01b7422b006a29ed5e736f7f8bf18cbc10fea30e51e5ae9d1e2b3e117193c

SHA512
9f81d6e6337c00440e6fd58a582d703aaa78bb2f3b6bf98d3a7a09a8f6e0c91b1971a2561cd0240d5b8aa0fabac838b21d86cdfc6656e153d15ba7ec36fba896

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6dd9b248e70d46d8f65d6c49250eaa20

SHA1
dfea9576dad76a61289305218abd7f8f78635863

SHA256
d6f536f3bcf1c7f2a6235cb7df0c1dae707a7a14ea54fe91c39e1eaae3a79139

SHA512
36d63e652731abb7a2ce095e6a9c4416d30daf9ab2f12e9287f15204d50ff7d0e149748f484d6274ebe8572e7239bba287784214c5010afbcb8f8998c9dc666b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
43b36cae3574f5adc20ca4ea484e72f6

SHA1
f906a93a0dd39a334946be389a42d03ce3845004

SHA256
ee420eea465518bdaf181262da1c4b24a3a35b66ec42bcf437cc99669e19f7f3

SHA512
5b7e850abff0dc3fab6334f6b18319cdb1f3ad09b8e727921c7f1db24bcc1a08997084a976fecdd316fd0861ab08ed9edda31d6e168e207301423a80e33276be

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e175299830748014398256e2afabcbcb

SHA1
25f638fe0706f6a2bd4177ad7bae5da9c906440c

SHA256
5555b706035d7483585e401af68b93189eebc2defef3cecd12d60296b6496282

SHA512
bdfee063f6d38b9717c3ba81c4bbc8efbdb68ad2f55070002170ef0757b3575774fe45c99e75bd3e862903ca89c83edc9e3b88f83fd4d09348cc2b94676698e3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1ce525eff3e1517a722b5310fcb64a9a

SHA1
cbadcaab2ac374896fe745b283e3ba44d775a492

SHA256
b5592ad9dc4f5d338b3afcf59fff5dbb91a284f8b4df1b8932a29734b0aed06d

SHA512
3b2d3920936b86ea49c8a30575c0a9a50fa50a47711bcf665b211b3aec3ba59fb35722760f1b5c95cb859db8218f0e2a86a7c461cde6d6818620acb24c0b557f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3e1978496d2b0da644ae0652917f735b

SHA1
59a25ca6cc42c1d4da1efd2a25cb5301b745863e

SHA256
43a0b3a335b16385d1426a706e66c845ff2ca49d36745cd3807cfbd2cca8666d

SHA512
9cc0ab7d081eb7e1b5fe057c2788c5d67a34dbdef3dc0354f99b6135daf50787180865764c04a47a761bea1e90049bcad53ed46d36d5cd2a2732d029aaabae8b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
6efb783f9263925a2ff5eb3d1b5ff64b

SHA1
b2129e6c4caa659c7a651a7c696cfcd8bb0e192f

SHA256
eff06b1340e512f5e95a253f43b31d76a787e12d0581d6b7b35fb65efafbc723

SHA512
b96a13c766b68afc2b3d14b73d5e333ea194747b484b0adef4d4476198c789ed4ce45a48f60f37b9b917343641d01d1336ce3d183d8dc32ec83a8e952891cefc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar91A.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit