f16fc816b0749ebcddbd7a99d95b4229a43fb17265faa4db102a1250fe138b2d

Analysis

max time kernel
149s
max time network
149s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
27-04-2024 22:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

03c43cf0bee128e2feb9f2f94e93833c_JaffaCakes118.html
Size

18KB
MD5

03c43cf0bee128e2feb9f2f94e93833c
SHA1

e6780507df8a2675c4556d527c7751ff8df05ca5
SHA256

f16fc816b0749ebcddbd7a99d95b4229a43fb17265faa4db102a1250fe138b2d
SHA512

5ef00d9e1351dc9d47f8a3b8c8f388c572df6484900f8d675c21c812bdfd5e589b87bbb83868dadbd64d278948745fb894e1fde767bf843a777e829cc37646dc
SSDEEP

192:SIM3t0I5fo9cKivXQWxZxdkVSoAIu4SzUnjBheA82qDB8:SIMd0I5nvHBsveDxDB8

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7BCA5C01-04E5-11EF-A3F8-62949D229D16} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "420418782"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

2204 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2204 iexplore.exe
2204 iexplore.exe
2116 IEXPLORE.EXE
2116 IEXPLORE.EXE
2116 IEXPLORE.EXE
2116 IEXPLORE.EXE

pid	process
2204	iexplore.exe

pid	process
2204	iexplore.exe
2204	iexplore.exe
2116	IEXPLORE.EXE
2116	IEXPLORE.EXE
2116	IEXPLORE.EXE
2116	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 2204 wrote to memory of 2116	2204	iexplore.exe	IEXPLORE.EXE
PID 2204 wrote to memory of 2116	2204	iexplore.exe	IEXPLORE.EXE
PID 2204 wrote to memory of 2116	2204	iexplore.exe	IEXPLORE.EXE
PID 2204 wrote to memory of 2116	2204	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\03c43cf0bee128e2feb9f2f94e93833c_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2204

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2204 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2116

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
f8ed9b43d99f39fcee77856719e1bf3d

SHA1
2034ae88456a3337035bf03c3dd022ce045276b3

SHA256
6951a5ec866490822cccfd4aff04ea0029d6b79afa81f3a8becebd833089c2f8

SHA512
22e4fa6c31aa0dc153736154b721b7bb62e06e06723c0b776384144ac5cd427d52760f2385b094458fe3af582c5e91272bd1433459dc50125932995f020a2d86

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
dc762473f1a774e9b2f18e1632f53eb0

SHA1
9f586d30a7bfa73e39de6415f36fc5f43dcb3ae0

SHA256
3b073201808d4d203565504ea2c6d0d40b1b6bb62e21999887c4ce07d1924ee5

SHA512
582b50b679bed267a2b0d72b24a7665c65028475cc1f157cc8843196dcbcf8336c8a49a200f0aa6aa1e5ef61b2ca258b001c3a87c3539396f6a7999d4fc0cdd6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
dfed69559abdece2512ad43b1f1c9fce

SHA1
0d11731b8d8f17cb7107bf7421507930073b64d3

SHA256
7636b2aba810e88ff1cea13bd30296b3596aceace3eafb431d6eb92a157cdbba

SHA512
15ba775f37ba184dafd486b988eb196815cb0c37b18f33792598e2465e2cea3e30eca35cdb938ff4ddae6e41ccd0f6eb52ad9aa577ba1d53833e96179e7eec31

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
e27c354e88e8a4c0f532762f006eb940

SHA1
b98cebdd09eb8478e5f667a36b6cafa1e3917825

SHA256
6291a7a18f66e376a71864d909e7d31d3c05b2510758dcd7fdea54cd8a8e2707

SHA512
718e630441e8bd31926c2c2768a9e72cb43b47b658ee872a99bbc636ef940978a8307c07c869789a5c44461b69e38b2b81b730515a791721a4e0e7a6989d29d5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
3c96d7c485d0c86701091907747c1a96

SHA1
c07d3a6723ec500f5b4f8f73677ed2bb50a03f01

SHA256
5f78e04c5aa5facd3c7247f496ee97e011acc8fbb0f7e6b7dfa19a5b5a87e670

SHA512
839ebb56e49220f2a9c7f8048f8ea64b366fc384773827f03fb65d160635e9184c8de8a087d9751905968383dd833da3045592f9e12eb42ee4b2396696fbb378

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
5fc79b92564a54179b8cf48b9e5ceab5

SHA1
79e5c4dd66678ab2ed164e692d100251029e9649

SHA256
9e0cebe5ecfa31e69894956f0fb9bd8385312ad0edf6eb36fd282881b53fd83c

SHA512
551964b3f6885ed9c7e9e69ffb408c9041194b021a7a1514b0f76c74c5ad49b462ba7e35ce3dab3c302f00578e7c6e6c5a0c798cecca9d936520cfd3cf546c58

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
cff072e1f5a7975c4877e7af14595e87

SHA1
f8b923fc88f13c65c06c887bd61de101a081743b

SHA256
fdefbaed14af9673a37ccfe2d80139ec67175b4d0537dfe7bc587cc5b8f0bf3a

SHA512
484484a23dd98523719a5573b7cd765f95aeca97b28e709a2849a3e4b8a76bdeec362311e83492e81fbde819c7c318b154c4a60797344e7076cf737c3a9d2212

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
0f78441a4bdbee295cfedbb5da40f3e7

SHA1
e6c77a1502380eb5f24f97c0793eb49c07e7b7cb

SHA256
d4a3d05cdeb26eaf3aec55787a9b11baf5699c3b92e9b83574e81e3d57bf298a

SHA512
1f50099fb9ba48e64b7cc4e716d898e5e64139c70a6fee5fd635c691ac660fb4907ad78582b45feb162d91f036bef5d80db5038f65bdfcc79f1c038c554782c7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
c678f098fbd2ed5b055c711526c55feb

SHA1
210f9c748a8b5fa937c1a38b8870bc877daff775

SHA256
e786e85b3b1197d4f4cc3c329c9e0e5a8eaec836bbf2ec1f9f85902b2b9ee08a

SHA512
c3fe4a2c59ceeaf8df33909e908a424d7ad83387751511a145307eedde5eb5f630b83014fe4cb86467c32339ec1f447ec30d79894140ddd1cabe855ad895e00f

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabFF28.tmp
Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarFFFA.tmp
Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit