eec0d2c44d58627bcdc1a8ecabf46a6ffd5dcd7f5af548fc036680059646888c

Analysis

max time kernel
150s
max time network
151s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
17/05/2024, 00:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4db7f040e9e5a33006c7769c4259b73d_JaffaCakes118.html
Size

120KB
MD5

4db7f040e9e5a33006c7769c4259b73d
SHA1

c10ed2b709529b863d6c194ad611fca59ff05f68
SHA256

eec0d2c44d58627bcdc1a8ecabf46a6ffd5dcd7f5af548fc036680059646888c
SHA512

6fd670a5e6f62c0f1dfcfd6e20904f9c4a12cd558ef30a7f705a5e185ccbf81142bed12f8290bd3286455f25929cd3c6bd10d640764e2ce73e1f7e9c56e43003
SSDEEP

3072:CmxuX+bsWPW23YC9yjFGx/OAEUkXv6KweMzAjnHaxc+nh+CHAb2B6Hyo4:uo6Hyo4

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{800AC1E1-13E2-11EF-B023-6200E4292AD7} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422066768"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2252	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2252	iexplore.exe
2252	iexplore.exe
2848	IEXPLORE.EXE
2848	IEXPLORE.EXE
2848	IEXPLORE.EXE
2848	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2252 wrote to memory of 2848	2252	iexplore.exe	28
PID 2252 wrote to memory of 2848	2252	iexplore.exe	28
PID 2252 wrote to memory of 2848	2252	iexplore.exe	28
PID 2252 wrote to memory of 2848	2252	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\4db7f040e9e5a33006c7769c4259b73d_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2252
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2252 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2848

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fe1e272f47de7e1f0a7ac202653ba6ef

SHA1
d1b50f1a570199e88bd2d69e131a18276d99eea0

SHA256
7d906ee75fd856a86ed1455531c089c9f276341cc53af230161b7574ce843788

SHA512
f261cad9eb85fd0428a78c35cfe20d57bb47b03fe98891ab5fbb17857f73fdf302073d2e11a068e6167f44afd8be952ea1ed0f98b9930c797a20f8fec1de47d4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5ed07bddef805a5bb94b5a0033891790

SHA1
16634a17bedac60d9326cacaf39d7f2af0c41844

SHA256
cb3ffc74eebd06348444d846e22b50599f13e2cbceddee542da270f5e24977c6

SHA512
a508dabb07db90718a54f5bfa61ea370c24a0c04c3deec868846cfa8fea1a7e15d69deecde9fa1f57cd503370e40cb62a0cd99d3f02ec94b79b2f1b07aa9e50f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bf45c5b03a0c438b378ac5f4dcf34339

SHA1
2ae1c114b513d1a4087c11932d6353e524ddb865

SHA256
3481f32c7c125147d18a73e9efbc567ed0491456b8be6dcbf7ddd723f4f3e9bc

SHA512
57cdaa703209b94101b1e59d9b46b6af58a9af7cd4d74cc38f48bf1a14b66cd836ea5a03dcc17e2731cf84fb5f5e0750e01e2756e470ce98d33cdf3460422f35

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
be7b6559b40fad25e52788f5c20b06c9

SHA1
7056ad4249422fda32da2dd989677da6b42063ac

SHA256
34398b4a36fbe93d2a2dab8cf86cda6a8af3f5ad8002b9890836899b763066b9

SHA512
ab86627ac870a7a6aa4cdcd16ce2a02affd553c53cb4cfd8122158992bbc9627e4bf83c9ffd305816a88592f135de965fa87e2b253a383f3e849533addab312e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d04ecc24d63918de57fa22be6e7c1176

SHA1
dad1db0efadda0ebbe400c27f3aa4e90da07b0ed

SHA256
2d3a958021b07ce67a3791fe8cd44a88217b9abfbb5adf9de5b0fab93606da8c

SHA512
f72a3b300c39519cc30fc4f6c8e1b704822402ee39e45556f9c8458afd93ff2441501dddcedf74cda88248d8fd7fb134119f544d2cedf58e407b9b2caa2773f2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
18c85037205b8dd7678f5f2c99397dcd

SHA1
a5b6aa21e3d8a080979a31a7cd94592d5c1fa5e0

SHA256
53b56777e74b36f37eef7d4870ff87401554605d652b8376dc8f926d9f5e5d3e

SHA512
6dc79ec6e60c1fc034343447a0ae22e1813a55cff11a7e9179ec9e76b4e111a807672e87b228d3f8eaee5a6bba0d60b5f5809a56c319a395e2bd0144a90b1930

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cb2e115f23d1c72c103ea2d9f95fc92b

SHA1
b3b1d7c1d966969ebf25e05c6d52d38f54bad7e0

SHA256
57e388eb34eac38a80fd316a9c5444fefaac6abad51de168209485ed5be227c5

SHA512
63282ec3c4fc0c19090a1a57bba7dfa69f8feafaa695c8614215a4c6ec81252ba79956ceb99965c67b3a2807b4f814cf2297143a4f8cc26e816a62d92011ded7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1de500b4376cfabb56ea8fbfa7b36469

SHA1
4b442cb7e15bb276336a6f382c8cd04a6c5fe668

SHA256
fa7ebe22674fe066d026d7d0a6f236214639d37f1688ccb0c64b768eec6f71db

SHA512
e50a7b1a1bebbcf41d4d48e9916841ee57a98216f387618eaa9674669b6d11b43d53b4940ca97fa87365f3595759684b3d69eb8e6543f82d44ee0b7fe71767e4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d035ffbbe9fde84882792ef1dc9eb3de

SHA1
83a4f5af902c1fe08d7ef14452ac6478503d31e1

SHA256
8683369b8cb9692e520ef3a1e6db2d0c3ec136cadd73ed8d714a3bf9ebd65f8d

SHA512
51b16ea68b7a42fff98505c6994fe6ecae29a155aa58330c4e941005723fe7926fd0bf947359ac31da1e0d594374791ed77318411d9bc67815599044aced45f0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
eba97caf9cb60aa0a2b45926c03c5fd4

SHA1
4ce73c8a4901a3e6c263976f33a8a5779d9e6abc

SHA256
84aafeaf1bc5f9a1e4714dc0de00b5602e093c03184e3e5cc9d6c7b96045f09e

SHA512
e44341f0834db9fb5fda6fefa21f4d024f67a481aa9c20ebe32ceb8038872641c69fc3f79a59cf914c5e4a38a964c671a0f99d6eab5b8bfdcaa0eb19c2711cb8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1e59716296b54afb6db46e692b10e47e

SHA1
1843a47630a06521ce03cc64664bcd90b667973e

SHA256
9cf5134699b5a15da059c3eebd8f3152a2e8521b37d60b95e0ed57a89c34e6d1

SHA512
b95320c81186c0bded48923bf8e5e23c0cd53f9d48a30b18b21107ba62da6804557cdb29f7cf04ef340cbb3fc278113a780c641a12769c311d66aaf2f463753d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cdc9d66ac810fcd023e630eb0aa1fa5e

SHA1
18ca819345d651d35aba86d7a3fbebefaa6b345d

SHA256
22976fc7e5afdb68dc518400d670a04357ca9d13a0846829034169e3fde08bf6

SHA512
28b2ab6a1881d70cf07c67c5b5e096961f8c27885bf9f0c82ad41defa19575610e7926a164a4674c294c25cf4bc7970401c0f6ffe61ef268d55ad06743d4024c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6198ed81c41398eff7343580b45fb820

SHA1
fd527dde35afe6ed95c2f3d39c2ecb702bb2eaf5

SHA256
da4258105745b8573b160b616107401b29abf8e26ec5f2ea987cc7a599846377

SHA512
405752a1558615177778e5a4c2c9afb243cc7681ce9a7ee07e32e46fcb47ac675647370243110bd112c7b3ce6302ba0bd2c5e222b8c4adf5d0c348cea061fd90

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1787.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar17F9.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit