3c84a42e736bacb8f1fad2bc4d045a34813d73c842e01fc05fbde9e8bc0f6c80

Analysis

max time kernel
149s
max time network
151s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
09/05/2024, 17:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2b20add2bb8cc10e41709f9e1c257b2f_JaffaCakes118.html
Size

46KB
MD5

2b20add2bb8cc10e41709f9e1c257b2f
SHA1

5416aec36c1027cf9e3338fd4569fa6842e3b83d
SHA256

3c84a42e736bacb8f1fad2bc4d045a34813d73c842e01fc05fbde9e8bc0f6c80
SHA512

d24fe87ed45ae436229baf4b6945e50eeb8f891fb49bdbbb9e3f6bdbe2de2a3542af69572c39ece967360354bdea89a0ede23ff35d9125d7cae400c59e19ce6a
SSDEEP

768:KV0a/DC2b1b02I4rTrXXxXgM7iRwJGGdmXBFMpTXWF/CBVNZOEONVHDCN4qNLZaq:KV0a/DC2b1b0orHXxXgM7iRwJGGdmXBI

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{97B11C21-0E2B-11EF-8E7B-D20227E6D795} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421438454"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2740	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2740	iexplore.exe
2740	iexplore.exe
1156	IEXPLORE.EXE
1156	IEXPLORE.EXE
1156	IEXPLORE.EXE
1156	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2740 wrote to memory of 1156	2740	iexplore.exe	28
PID 2740 wrote to memory of 1156	2740	iexplore.exe	28
PID 2740 wrote to memory of 1156	2740	iexplore.exe	28
PID 2740 wrote to memory of 1156	2740	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\2b20add2bb8cc10e41709f9e1c257b2f_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2740
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2740 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1156

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
6bd9558df731b3e7336d9c325d65a9a8

SHA1
cb4e7eac1ca295838e2304d9c57b84b2a7230cb6

SHA256
dd9fcfb9e92f1420b1714f3023ae8315fb96cfcaa6b67457c62acea105ffd130

SHA512
d9ed2e61c75d62d1703612ce549418729e3f047be8d8c01bd07646cc3b190f7eed517322534458d3eda672985b7655047213eb881090e843102146b417492318

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
244521f58123c8e69d039ca830f306f8

SHA1
db9b02dec0a28e09687fcae836f06b586ba95ec4

SHA256
479fdc5921153804e8e6d54f1847afc9b901a41f0fe246a46ff7554024495397

SHA512
e62dac24ae67a01533d5ad205859820aaf9e541132b44e09f860a133e05f18438fe20170b0c4cb4a4aa902b30b39fee31820e134ab4d765ff5c797658340deea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1f640657fda46c43aef980ec7e594a32

SHA1
89b5e021904cd0d906ad3560205e4a2c2405ae94

SHA256
42b8fcafdc9ea8e2543de8d5bb4aebcc74dff47c9249941e9b2a3860796e29c6

SHA512
bfe701b231fab378c80a7f5e2ab4032ac8f8f45a38e6607389eacf47d63dc65afadb2553ba38990a9558d4619f3d2f66712f06a2cc2b39182ee104967d532591

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b36cd4673aea3698bf0129f6bf29a841

SHA1
d33d1d95af0bccd57aa124896e9fc73637f74645

SHA256
1d28c08dc4a3adb952a1f9de5370b119c67c0a7dcd6a6ac405d79c27e1b242b5

SHA512
1930f2467f2af2008df01fa6473f6f4a69342f0e06c599772ed12bfe69693298202981925022376d42a417df7b9b49d60a16009884f326da1a6285ae169631ae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7f3f5fbb83e2e87283653759f93ea2ad

SHA1
bb227f40b28df77ebeddf1c9721e5bd42f69390f

SHA256
5df6fc3635a78771f51a198e444fb0e5024f021f4641adbc5b3537a515ce7e84

SHA512
623fd12a0a6b94515ded64240564594252137efd4fce538a2a5055ba690dd8fc3b9434a36a5f36b64290ba41787925f0f606288901d005d2c470a4c125e369d1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
402bbbf99962862477a9a01fbb06bb61

SHA1
5e167859ed8249dffc0bf6dd65df53c0334413c9

SHA256
4d2f629db43aa3af94ba37093d2d8e88930d0b55d9f1f0ecd1d7301548a7fd1e

SHA512
d3ad14c7da7abf0d7c1a136a7f055fc7a05b772fe3666a34a2390805a0e85acdf5ff86efb117b40cd79b4d904d15b9f2ae49577f773fef20bf38d8a0855d0154

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4305c5348cec9dbe161dd5fa0b9d44f6

SHA1
5235b64a199065465d69a326a94b3113091e6516

SHA256
53db79bf198b5944ccd2af0c3d2f1c10c64e26260d72a1a72d3f6dfa1def28f0

SHA512
0122ba669d67dd36e23bfdcfd2c180c551f2f76f7567364619010d627039f45d3f5eac05b364da056c5fdc51fdd05337132a37b0e32741fcb8a1bf45a00a10ca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
064c275199190afcae3733e44d647f50

SHA1
32992c85cf8912d5e2bbea3ac4748df6d6a98e36

SHA256
ad64763328e6221eca4ba33c15419728ccca21f86c85cd41164997be86963b2f

SHA512
7b86bb5a69009ac74738b98bb7d00388c2cb46d5de7654c408486830973372963931abfa0e56c821fed641ce38a210ac09be367b501ce9755bddebbeb8a09b92

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
358842f31a10fbc79e663efb9471f73b

SHA1
4bcab2197c887a4b2f7f4e42d0ff8ba9d75c3a0e

SHA256
6540b70c8d197610d9b7b33c97b5bd5cb3c19380dfceb7d6bd44c0b134fed955

SHA512
38b3c53e5f0d87adf5f271082152ed57dce12e4ea38925fe8aa382e9fce319ac5f3ea8b533e721ca308145573f308547045fbb3219c9bac602208979c74cbd94

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e097d189951223883113d30b21d34043

SHA1
3194a04f534bc78537ca9efe35d4f4433964c060

SHA256
b7d2454b02fb0f41dbca558386311eeb517f19f38a123bc95e1bfa725d28c906

SHA512
1609f9d0f91406f1f81e4c21c6ac1a195cfd2c62c40e703f44a9c80235569d7db3b2411607ded5ed769473f02453bbd1bb644ebd4477d623234de815124d36b6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
819f2299c65ee464d291d9edd591fd87

SHA1
d0dde27f1594848dbd6ee434acd818ed311dbb65

SHA256
ba72447a98e8b54bd3d4655b96e9ec99da32523a88d4199a0a853b17abb0496d

SHA512
7c2d6b88a2da9a443834d36651d47f51f4a3cf3d34fe138715c5369927f3a3b1328b0a057606902b5692c23a79dbc7b8ff41b3ce053534f417ae99c8f2c007a4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0ae1941b767418ac88b7afd942477770

SHA1
418f39f21adc8fc9041ce540ab7232622e4f5f5b

SHA256
1f62f639d3af529a1387ddf5967c4da885b9877a177eced9fba1d6d15748b5fe

SHA512
4fbd3a3dd79aa1dafc6e534545d35ed78b06b10affc3fbb0772a096d545587202aebde85282e2ecdef5a4a3caefd0455d5e81a8b74210c5f2822b1a46be9c5eb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e98b33bfbd837ff6a8a2ce7e4e25f508

SHA1
e8283cb941789085d7595fa5718fe4e4aa4c9bea

SHA256
bebe38299482d836f017558ced8f170b5ceeb18dadd251ac2c796bd9d15aea66

SHA512
7a7678d8cc2ca62f2c07283a34d0c7f518e59f62addb50da44806f73cd4d40fb1c51fbccb4350c6d4f6c786130aac1791811c5bef0dd00ff93db50b16a2e7f36

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
d3f9c6932fa7799a1b0efa4229303588

SHA1
dae43bcd063a73d496e8a905af374e0dfed94e68

SHA256
e8c888524a48adcaf80d0ebae3dfadf9a9f64a31bd73c05fd15bcf03b79ed970

SHA512
04ccd99e5fc61628c1a3e2db27c114293f96f29effb1d360ea55af3fa1c9f2a328fd2f8c34b3673fd56bd3523716c87df6e8827ce627ab375ebc54018891236f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1844.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1910.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1925.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit