0450f34fc0d968f8f48fb66c5ff9779e39c5ffb2184db0f776dd1db2eca6fa7c

Analysis

max time kernel
149s
max time network
150s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
16/05/2024, 09:27

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

4a69651f3195b417986382040be6c7ce_JaffaCakes118.html
Size

32KB
MD5

4a69651f3195b417986382040be6c7ce
SHA1

08ed9b1f8612b06023b9516e6d07b8851a48e462
SHA256

0450f34fc0d968f8f48fb66c5ff9779e39c5ffb2184db0f776dd1db2eca6fa7c
SHA512

bffd1b38dabeb09b1cb15ce40737cf12fec958b9f8f61448bdab1310aba80dc526702943abc4e5f498ac2fd360e18b61ee34ef4c19d0400783e954d598e790dc
SSDEEP

768:LpgJJpK/+jIG02eEfE1NSpE+YelhM61YctvyINwA8dzG4kn:LpgJJpK/+jIG03S5Yel/tvyINwA8dzGH

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{94A0D941-1366-11EF-B195-DEECE6B0C1A4} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422013544"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
620	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
620	iexplore.exe
620	iexplore.exe
1936	IEXPLORE.EXE
1936	IEXPLORE.EXE
1936	IEXPLORE.EXE
1936	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 620 wrote to memory of 1936	620	iexplore.exe	28
PID 620 wrote to memory of 1936	620	iexplore.exe	28
PID 620 wrote to memory of 1936	620	iexplore.exe	28
PID 620 wrote to memory of 1936	620	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\4a69651f3195b417986382040be6c7ce_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:620
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:620 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1936

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B

Filesize
508B

MD5
a1e0092ca5e636c88876dd46d4617de7

SHA1
d2ea78e0186aa09703fa43f9991e5812e5f46ef3

SHA256
105f8c8800a2cec36dbe8e4f1eb40a9e3523ad444bbcea28411277128aabdfa2

SHA512
1d6ec8d5946619802d2aa3b5495c2301acf361519f5f5836718b536f9611cbf25e3896d13826deb7b2de2801b3b0f0e46ade351aa6bd4cccaf0af3ab161d070c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f15dc24531f1a13782d6e78f371832dc

SHA1
0f3ca61a8c2ebda78efab47fba09d07a57b17d35

SHA256
6621cdac139c0dccc15d3ee0f55136ee38965d1497a3ac5f1282ce63a4951d19

SHA512
24b7a0198b41755cde33324c9733761806f9f74e6b4a6fe0d1dac5dae005714e6d198655b715042a25d1c09df0c0cee8ff259fbbc446a27a7cac9c8a78eb3d40

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
87945a75a62d3e9617a25a60a56f606d

SHA1
a9809cc64e8de397e9bf813cbe27abf1afcb116a

SHA256
a77748164d3a77a570692d246b93839d220c3be8cb2c1109cf966a8f5dad1a07

SHA512
beee03e8cc704620a144e160dbfc8cec97cb19f8c133fd1565a50bc15321cce820c20b402bbef1987992f9c702267a0ef9e07d67acc4135e6542b6d4b8668f56

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3787b3153cece044271fdf5316708051

SHA1
7471ee90a6aa12cc6a001b3e7671235a8a663227

SHA256
f8a342001b66a0be756f5d89ab05d72f2468a77e5a9d54181f7279ca8eea94fe

SHA512
5af1c2e1d7de258ce9fedd028f5fc1fc833051a64d0a7058adb7c3493f1ce76c6c8e8d5b9c1b7af3d1cda957503c84d59af144f2ab92516ccc68b208fa443315

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3f9606321a0189242a650c4361d0f3c2

SHA1
375d2fb162a9abe8699781c7b92993b929a06015

SHA256
2d7405a93e7c841523c1b7f78239136d0b148f4f007b395b8e34e5dcdcd622fd

SHA512
23e00faf353fc20899be1fca81043fe007352a8c9853d72863fa6c7ba24b1ec1a49db416547df81eda5451a22db701ac1b1881d6ea1819d5462b889b27ea1a7c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4ae8fbf176b18054700bfc7ec7ca22b4

SHA1
a6d6429fda3af7ed5ce1754aeecc8c78fd2c896c

SHA256
b5801dd682c2da53af362b536b7ebd8d0461f133c1f3d9bfc7e6c1f8c4df49d4

SHA512
07665f73d9d1a9d83fac81abc7abd2cc4b640f4c7f9ec61004573513ffabdf675da67eef243539d51ce25b88b1bf13698c6893c3357f5102d7964514a1f5ee88

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bda1bbe2a82bd88609e11b815a4da3a6

SHA1
d682596ba287c7ed8fe99c3ef3600831cc5bc000

SHA256
25a71d7ba446e01717073f54e3ae94d7a3dfc6bbf06750cb0ba42cdc89696668

SHA512
16a363892bb14fd493b816c0afde412957e060797dec5f5e2cd67c5a7a29b85fa8e41622e6e64a39ab69f6125d48975303394218833e0d8f6604859f1dd1e8cc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
17c9e5b6d219d0115a0b7dd362aee918

SHA1
facd61976c9813fe7e99f27d1f956335e373e526

SHA256
f1c32fcf0acd95fbf65cc534cf1674dd4083ab75f6e3a38e9e053f5944e61842

SHA512
78dd5b8ff2adc8df6998d9ad7295d2912a6d7e5620c57f6ced0124a44d76030cb9fc515b60c1282bb04325d956acce18e676dbfeef0614449584feff02edc9fc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a9a258f35c2e0a033009e9620419f02f

SHA1
b0fac0a70ee9edaa1b300dfb6d55880bd86c5d50

SHA256
5c7306040102a18f8d0e37373710f3e6aa666b2ce6403bad2cc6399fe58f80e5

SHA512
545ed261bcad91b9124c4c4bf8dbf8eff5c5512da86ae40f7ad993e6161f8be834d1b0f98ff1b5af8e70a3dda8a1622d2d3fb27b7c47220ecb15f161d4d968c8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8fa7351572b2da0c05ecfec2f07f3352

SHA1
f54ff19ea4f44f23545fe74d42fa585ce1aaedcf

SHA256
4b388e726666230b4fff494f9202f3a5eec64c04e5c571338ed28473b7f3df2f

SHA512
d6fc1114df1bf4eec308f55af9d832a951ec6664b7fc8dc66250b920f3d60ad328abea20bdacdafff779d2c3be3c91cbed1972100292152ad3bddb432f6ce732

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ef1709287e3cbd2d210e4eb2b034bc10

SHA1
8ddd8583a8201f429e90911fcbf3e873c5c08837

SHA256
59c66da6d5eb35a2956f40610c0a39f6a7fa6f37d9996347d82086a7d105e585

SHA512
94a7e581bac160248cde65031d26be2e3ff72d8767bc292bb86b72469c208751cc5cfc3de5db17db3f3933f0638a1080b031446b726cb7e93df3d439c9782688

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
729174d409cbc058d4458362bf8d431e

SHA1
21addaabb0ea5c63da101e7d648b62001212bfc5

SHA256
e6b136c4ac8a23cfcac87bf34d243febf0ca4f8757ab47ed9c3ae502b1b80b83

SHA512
624577eca58db8aecbad112d4c1fda78fc1b40f71cd8961b62f9a205b05ed023e86ec812d7808771cf31468cc0309b99c7983e9a58f32a156deb1383c30c59b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2260.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar22C2.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit