56b072ea0410c5e194d607d7b360e1f7e046f56f8dd2885aa6332e0198cb4562

Analysis

max time kernel
150s
max time network
150s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
13-05-2024 18:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3c470da96b0f971bc247396463c148d1_JaffaCakes118.html
Size

32KB
MD5

3c470da96b0f971bc247396463c148d1
SHA1

65101d9b868d0917618a3aa90d430a86bd2d9a66
SHA256

56b072ea0410c5e194d607d7b360e1f7e046f56f8dd2885aa6332e0198cb4562
SHA512

e439acfa4f35ff3620d746f8f874f7471de18830f5c7ed3b97498f1de7c68d9aebcd99a7a4f7512fa7f80ab7295e835d9559d6c64e70f4fb4b77254a9902b334
SSDEEP

768:SFRiUXKCLCTCvCfCgCNCYSa9v37+jozQebIWn6BYJ:SFRZKYC2QBCfSa9vr+jozmWn6BYJ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F05B0851-1159-11EF-8221-D669B05BD432} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421788213"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1220	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1220	iexplore.exe
1220	iexplore.exe
2268	IEXPLORE.EXE
2268	IEXPLORE.EXE
2268	IEXPLORE.EXE
2268	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1220 wrote to memory of 2268	1220	iexplore.exe	28
PID 1220 wrote to memory of 2268	1220	iexplore.exe	28
PID 1220 wrote to memory of 2268	1220	iexplore.exe	28
PID 1220 wrote to memory of 2268	1220	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\3c470da96b0f971bc247396463c148d1_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1220
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1220 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2268

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
5f95e0480d4e2dd24df2237e8aa47bfb

SHA1
a86fb4126c78e4101c04a2f4f0a0d38c2d70d9fc

SHA256
c79939d76039b78929c1360ac31f77534c637067836176f9ab4fdc8db41af970

SHA512
0c3abc0049a5f648529a691015205a09893b09bf1760afbdf9dae830d4de609f61aca8e6d6285342400cfc4d444680d4021b2901dcaf7532f6bbb6977480613c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
92e1fcf7d902d3ddef0bc884db8ef1f9

SHA1
55a7c2415fb95606ed811528ebb85009d3bb76d3

SHA256
bbf8a5e12fd2cfec291cfc44af5abe60c79cc40572f6c9561669e2d2e88e0084

SHA512
5ddf3b5a73af9c20df9463ead31504c445905adbecd5aa6070d648b823fd068ed72e731f07923b26ad0a3356b6385bc973f67c3105a74813a61ff370f2e540ae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3333a6ac492fdf578e477800b9d694e3

SHA1
8de72e376cf144e515989229ae953f8e03403a02

SHA256
0781f2a0fd879d4b74ad7a056b118a5132e904d9c494786157d3e15df0f34f42

SHA512
edd1fe3d3907f98c20cbb46576efed78685fa62dda950b687e0d87c91136930b2dca26e3008bd91f2cbb77b2204269bb7bacc273fa6caba7a13da35239b9270c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c3ef70ec92be20a3f1450af28394060f

SHA1
aa6bc42f013fe55b9434c6721d02519cad910025

SHA256
edcbe9a858af783fcde384ed9e6a34f7a06036b507fbffa81b5324319e5dd9d0

SHA512
fa6b15e2b56fa48e0e6b5b011e4764f8d464d36a5a838e20f72e4366bf25f4f983947f1e342039990d5c66b1debd0bec27e5134de99555713a136bdf0d50e182

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e6df6165191c8d36a3d35bbc9c43ddb4

SHA1
347af079efccc515deb9cbf4bd70ffadc6c6e3e8

SHA256
364c6803137a41dfe761efde0fd9b3ca6bc3f2526b5598fb2108c87053e9f399

SHA512
4493573754ddecb416e967e573abeb360a288b02725112a5d827807a6e15110b689d930d345c0af9ce7c62dbc6dfe8316a44cf54a9a638585be87409e6d8727a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
444b413caba766fc72a498a34e2f70f2

SHA1
7df3f5056a26a49a6fd40a7b6522ad408de75202

SHA256
7bc8d3fb2d328a293ee9a67958d522cfbf09631f169bed037162562226838c59

SHA512
19b63b647eee3b8094801eee382bb3cb1cd71b67ca2e4b8bc6e8cc77e7035ed75ca137533814c58424d746ca5d58483cead1fb7c4d0d6626cc480f2e3350a226

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
81892ebe5b09444673015d15ef8e7e29

SHA1
f3ecc8471a0234a8da3de1f207eca650a3364e5f

SHA256
e38adb1d36c5dab5461ef2746b4e6efe0d9498300efe30a72161672700c954c5

SHA512
e43dbc2ded8b48da3e45c3366b2f6155edd984d33334106df5b7ef03ffe1550ea8b993eb7bbdea915185bd1e41fe657a164a09acd1ddd3292d99f68d3e17828e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
45dc72bc9bce786bcf5404fdb69a2859

SHA1
561634e4f68e79c8fb2fab591d06435896c7d834

SHA256
77727fd7dad86550dd772ca4359b9cbbca41026c92cc242ec17f190ed9667b12

SHA512
0fc7627c8f072c140c13472528ff975cb0a58b8d6f90e52b635fdae166b71fae64b076aee08395dc3ec64bafe5ca25ac21b045e8a72d09f3c1617de23d460912

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1bf5badfd284484c818654b1695ae3d2

SHA1
4cd661b47880988530417a7b5b28d2184ad8add6

SHA256
d99ec78178a335aca62582ccbc0dd475af107ee2922b0c6e8d4e566d571d8bc2

SHA512
e5fe896c954c67a564e3f8ea72d6875a2d0adc2bcffaa244d5eaea049d55377a653e7ab4c0c8bc00623b4ca3edba01b5ae793d78fd9be31a6de883c18f63a6e4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7e92cda242c8ae7035161b724268fb6e

SHA1
3eb06603fafb425c000a44a7af81e0cacda75818

SHA256
8b9baa7cb5d80d1a3929cd3a89cc35dba752026deaa335a15c1879a36cc157d4

SHA512
1228d9cd5af808a22daea73717c16cbdc40693a1470183f96cf9386039fdf5beb15e2f7838d3f05006563c88a44495c6fce42e30ff488127727d9a10dfd032b8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
c362b9de52aac1cbd11249d51481a59c

SHA1
99ddd3d9d3249510766ee8540d2cf2a6592287e6

SHA256
97f1aacc83bb6466642c632cc411fe420c6cce0a7d8793c819433ae90e79a8e6

SHA512
9bc0d34952130f0ee159e91221d7a16b3fd119ed2a3b729d540951237a14c963dbcbbf95ee520af1712faa14c9ca1307cb9277854ec952231443a1e3a7d2ae48

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1BA1.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit