4720e51296da5b6eaf36a5e574cc9d464b145c8d7a80283a40bef5a986801c59

Analysis

max time kernel
148s
max time network
148s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
07/05/2024, 05:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1f9a855d8f0e1b9dfd88c1c81d655caf_JaffaCakes118.html
Size

18KB
MD5

1f9a855d8f0e1b9dfd88c1c81d655caf
SHA1

7f4a9d4462fece8ff13e4ebbf0f2f07621045a69
SHA256

4720e51296da5b6eaf36a5e574cc9d464b145c8d7a80283a40bef5a986801c59
SHA512

b3dc7e9c2f57e7e2b9e3e2d8dffe9475af610fde35c1903500a7cc54a789dfd7a5d1919d2b50dbaee1060b34088cf5b09b5490a6452b493a59ad997f35dd900c
SSDEEP

192:SIM3t0I5fo9cOQivXQWxZxdkVSoAID4zzUnjBhhb82qDB8:SIMd0I5nO9H5svhAxDB8

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0A9F7331-0C33-11EF-AC1E-72D103486AAB} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421221751"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2268	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2268	iexplore.exe
2268	iexplore.exe
1712	IEXPLORE.EXE
1712	IEXPLORE.EXE
1712	IEXPLORE.EXE
1712	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2268 wrote to memory of 1712	2268	iexplore.exe	28
PID 2268 wrote to memory of 1712	2268	iexplore.exe	28
PID 2268 wrote to memory of 1712	2268	iexplore.exe	28
PID 2268 wrote to memory of 1712	2268	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\1f9a855d8f0e1b9dfd88c1c81d655caf_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2268
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2268 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1712

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
0e6fa60d2c9728a6b76c45fe37de3c1a

SHA1
0a05847f4a11fd9a34f205db2ea565afb152e6ef

SHA256
e0f179e111e22b478735bbb49b95bdd5a3a90d61a943827eef91a92e5b3ad889

SHA512
3b2b5f0e2ccb98aea456e8cf3fb0ba158576c481e8a52a52b7a401c6abb915890ad3b0a2f187415c6da8f6f89aa345cf0b4b445fd1d0b058d8146431f315ce86

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a1c2464b47ee87ae3e4bd083a1af431a

SHA1
63747cc2015ee8f39d96194116ba28afe9e091a9

SHA256
d123ec93f405ebd2509ddcd00e64149fa2c84e1ceb3fceb2648998ad15ec8a8d

SHA512
fd49c03ade208490ea2ad7212bb15ce4218db81bbfb873fc00da02241aa4e60e4a2aceb34bcc989fe47651ce188961b1e2734b1989338fc62690c722fefeb87d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0c75e8c10224411b3b6b156e40d145ae

SHA1
dba61b50457ee1a2de82ac854ad123ef50b671d2

SHA256
c7209cb4693ecaf37bdb4fa747b2b92112558aa2472c7b40ba2d5e75ee0c2d9b

SHA512
ccf4e123dd99799ea0a351400b920ec9fec9cf528b3f6cf7a4b73675c10c2405041f09e326ace4cb220d3147c3b1309bad02ca358ef252bb3e7b0f3bd06403fe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
34f133e1241aca36524c64516e98eee2

SHA1
a2088be136e33aa6a8ab6c2d1fe598ca5159067b

SHA256
0e5e06d21c7a2f4646f2589cf871dcaf95b8e737b9ed610bd4da3804706e3ff2

SHA512
d3e5d3f1c416f820cb01b0c72bc81404ae6bde7c384c863fbbe28193046a8465013b0c1842ddbf57c3b59cbc96d730e98e5ee4571fafd078d55cac84070c6b36

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e49e0945159e2a92278b07d5be73698e

SHA1
7cb698c11a66e9b204290d87346a0284941a3603

SHA256
f86ada6e70efa7bc22a05f33c5d21dce6eeb10732fd5a96685d00d6ea278c228

SHA512
368fd96d7b052885933919b44162ed3ed0bcc786d289ac269e2f6dc7eae3ce437263a5f33a3af59e940a182dc6e932295c2f1ba32408b5c95e592b722aabbc6b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6d785cef0c68a9fdd024e8d4e8a67f6a

SHA1
1eb86fff9fde75994fc7992bd8cd35fef4105ed7

SHA256
26f97d783db205bfb2a884a0aeac24b341e22dc2c44a7d5d0c95c4b507ac94ee

SHA512
e322793da2e8d74ffcfa9ccdb58ee674dd797ac09796ae4d02cdfb95448e3c8b3ee156ad54d06e49f6605b307456657fc80cdad5f230293abd102cea073cc99d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5d637fc50a5700661f6704e035e5e9c2

SHA1
d6ed1d55cad4de219aeb17dde1d14192ac6e8864

SHA256
07261e8b424525053ba3e55664246e6a2067f11f3453dd52c11fd08bbcc07c4e

SHA512
a8a0239fcadc41e10bea6a9747329c4df5a61e1968c99bcdd47c9c6d5443a235d48c8fcd5faa4d2c5427011644346c72f92e12a305c04b6aed2bbe4936c2b8a3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e13de2db538684b774d64dbcfdfa32c0

SHA1
850bbeea0c4106185f5f05f07fb51cec9895c84c

SHA256
b272098ce2f632bb4b09680c80db13b2e49e4cb09acfc1a4e085fb5a38b565a8

SHA512
444bc944fcd6fc68899ce6633c1db4353af36c7db29a9865daab3328268de55d7621abbd46e1e8345bc4570aac1ee501d20e10e9d3698747af1a39053382905e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
69b0ae01bc8d6e2f1423f392c39b14a6

SHA1
9e3064c06c961bb72e9618353045cc289254a328

SHA256
d2b2b937ec7edcb4cf099d215032467669f9dcdd11cad3338e5b0f450ff60985

SHA512
f096a2a952f524f127ac2934334370238e3d808d4479895dc4d653755e234352c9d3e82988f2ba0dce3a0226ccb9dcc42d62ff3ecaf6b186b7173503764c9746

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarFC4E.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit