a237b9dc7d049c5ccee23c89e1b7adea392da4d75aa4cfb2846f60ca83b220af

Analysis

max time kernel
150s
max time network
143s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
27-04-2024 22:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

03c38c6eaaf9fb46b42ea283db0bfc3e_JaffaCakes118.html
Size

19KB
MD5

03c38c6eaaf9fb46b42ea283db0bfc3e
SHA1

caa96c22e2f5dbe6f3485b8097208e4f925f1fbe
SHA256

a237b9dc7d049c5ccee23c89e1b7adea392da4d75aa4cfb2846f60ca83b220af
SHA512

142d2c08e67fc542dca011b1bf55cfcdfaddd6f6464065e6b1c317c8c64d2bf80cd8b48a13d0bec2c9fd2fe259a03ff51c8f0f1e819e612329c5bd33663f41de
SSDEEP

192:SIM3t0I5fo9cKivXQWxZxdkVSoAIt4/zUnjBhpT82qDB8:SIMd0I5nvHRsvpIxDB8

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{50620631-04E5-11EF-9667-569FD5A164C1} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "420418710"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

2772 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2772 iexplore.exe
2772 iexplore.exe
1616 IEXPLORE.EXE
1616 IEXPLORE.EXE
1616 IEXPLORE.EXE
1616 IEXPLORE.EXE

pid	process
2772	iexplore.exe

pid	process
2772	iexplore.exe
2772	iexplore.exe
1616	IEXPLORE.EXE
1616	IEXPLORE.EXE
1616	IEXPLORE.EXE
1616	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 2772 wrote to memory of 1616	2772	iexplore.exe	IEXPLORE.EXE
PID 2772 wrote to memory of 1616	2772	iexplore.exe	IEXPLORE.EXE
PID 2772 wrote to memory of 1616	2772	iexplore.exe	IEXPLORE.EXE
PID 2772 wrote to memory of 1616	2772	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\03c38c6eaaf9fb46b42ea283db0bfc3e_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2772

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2772 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1616

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
324045ddab63bff839b3a1fc04f39d7c

SHA1
559360245a5cdabf9e66ae3461547d5fc87cec92

SHA256
bc228baa1003841dd093b288b1b6623b6f50f99241be067eb617f945cca25a99

SHA512
0b9d3b35fc1b5f033c69a03cd9070cc43c807702c124e3bae4751179c03818d62fb85b9cabac08f21e2ad08da930f2e7db36dde6d2b0c098d9d63e9f06aded8a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
b2821a0044fdec59ee8db7486412b2b1

SHA1
008bbb3762c79ea8e8af48e8affb882e66d847a8

SHA256
e69034144e91c8017c50d7c93ee340ee9ebbf02d53ee570089f71ccd2d38f3b3

SHA512
86e0d6b8d7225219a282508b62de38c972c9fe20b4bf3b22ef94673fa1d9624b1841fb608e84d464a3bc66c9f4dfd387d92949d2f6af70e8e35724a3d2ab0cd4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
1c391e0b0a1d77f56eb465adb8a02f8f

SHA1
3922eb28041f63e74ae46fbc70ab63c2af3dbde4

SHA256
caa7bf831975e91d1b751c837113fd3c81ea9e3a9103a6927b3b12305bbd10f0

SHA512
515e0f3fd98399436e8ff1089542e9104e7058e01b0d52f4c318d886b8ad6410dc1af12d625c37f83eb49ce970170d671721156d5570d2a1fd9961f41cdb586b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
25586a79a000e72fd761b20f32435ddc

SHA1
d59655858b075b7d83314d59074259df3dbb279c

SHA256
6032a4a57b82f6b5e052d47c5a4a9eb53ff6011d49a3dd9d7ef2eef5007363d5

SHA512
5cf5c6cb808c8167f008b10bf8da996101c331ad9c4cec45fcd42fb629c50528a838fb2338ed0e9e62ae13a35ed1f1368520324405266cdf87c8102510b34c32

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
99ca0cae04093db20f6755d699cb7b59

SHA1
fff3cc9fcf3d39cf9e8ebf3f0d93dee703232682

SHA256
69ef786816dfd66f1bf3d2fd4b6cba1d7f17870437982fbc8f9f1b190f89617b

SHA512
f9a6101a6eaa114f012ec85be9434da48171bc24964a5a15e1073518529a0eee71e024b83cb823eece92b52fac2afe2b8cadc8d0de8ac573aea468d2abe4316f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
568511edb2f4e2890be1460992b502a9

SHA1
7cd59b49b7edb59de399ed857969b531d4bdec02

SHA256
23fa9cdadc39bfd2af439982fb418cbb3d0d5cdb479feabb3d2cbac413608d00

SHA512
c2cd18b69d29314002240dd8d4b6864c2d8b2f352e26de94d615005f6f8fae52d7b0daf22c14cddc7f62eab19d680593a146fc3c45c2af4f48b48c2086382660

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
158a7ac9a58b9f252c8172aa08e5790b

SHA1
4364c5576d628dd14fcaa6995e1a43fe5b742c64

SHA256
a473b09f5e9c84bed7a5bf433555b315e49c54412cdd25d4f36d4cd8d7dd2ecb

SHA512
ed46ee82d0d5802e1583d6dbc22da62560dbd5bc4ec79c1a75c8d38bb5b2b2927e64a8ee65462e91a69eb79f6291820c8403c11c9f3102ea422a075cd9371a37

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
0aff94c066632bad451baf2b5d220c89

SHA1
05d84dd065625214e5ee09f20c27ce4cf5df9825

SHA256
1093ea5811eb42d622038e83e887492cfed81045b23ab3d6611cdacdceeff29e

SHA512
e15a8f2fc5ea053b08e5912fb484c77b5ac7b407e17a5161c962bf6ea8d9868ddaecdf8ebb8029f336b5d1d77b4fa76e156997aaeb566b1be274e424743fbf4f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
2bf0b2d9af2d25527b7772bda269030e

SHA1
b58223858ecf8d092e4229bf631d19be1dc7ec14

SHA256
5d1527fe8adc101ef668228d926652aee263ddfc565d3958a532140d822c5070

SHA512
3a043eb1a5f3d7bc60c5dafd548ac841f5dda1cee02056e4cbe6a05212efe1cac4e11d76300a24a71c111aaf0855722a60adaacce84cad85555089074f749bb2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
718a6f7b359e7d9638df9f154af26643

SHA1
9e3fb4decfd043c21b3fc854ececcf2c031bf28f

SHA256
e8fc170a96f665efb58781d29641d52df1fbab3eb8f00a67bec599b0984a767c

SHA512
c79739a0a93f41a29471b38dccb5ee0f37be8b4b8de5dafdc433365e14e853361768356cb588aafaba858e2d3e079a81fc3bae527156b842627024f078f73f0b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
fad4cfa5cb61517056afc84bf854914e

SHA1
35ba47af952a67eeeb4b10d71c149f58e60f3149

SHA256
3c2f0b0b1a93ca5aea80a56b3b6ef123064cd84a3ed23f9bd5fe9fbf5cf97d5f

SHA512
55625ef24d130aa42432d7835c9356cb181770664275beb6f22c5669411f5d02e827b474189028ad9371c48fddb8a800cf32fcbcbd3c2c126b9e0f9c1894e8af

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
8c929d3aeea567301ad7a3f72a77083c

SHA1
ea694b86cabfff95e1f93fcd7c3366bf58388938

SHA256
546c415a2db25477ee3800212741163623769285de59862fdbf63c56059df911

SHA512
662d06293eca3b5039aed4d63bedad0f7716be1dc92192d7facef2bbd505a26d304d4bd52dd0ab078519fc23a254f08c9c46b42691ea8f98f05b9f3dae0c5ff8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
8b64a21d0f72c91559bc35d8e2cafce2

SHA1
fea48ec9e036c0429e43bf84769a9b66077a12e1

SHA256
8051233d3f048e7d9a398c07b88b31b747d04664f51ac25a01c21eff412fd00e

SHA512
627e24e243504ac14623b167d4923e5b0dd98dee24e9160c615293037988b12c40d2c0d8b87b138ec86645843f08bbf78e582c31a55d2d12a20ad5f3a7e2bc4d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab8D34.tmp
Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar8E25.tmp
Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit