5c6a061bc4311c88ee958eea3a2240ed3bb8b2424eb2efa4282d4bd5112a1b14

Analysis

max time kernel
150s
max time network
149s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
19-05-2024 19:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5b30f5b408278ea3ddfb102a523fff33_JaffaCakes118.html
Size

143KB
MD5

5b30f5b408278ea3ddfb102a523fff33
SHA1

3a8bb2b828fce8441e9f9a7930c2edc6ec7fcac1
SHA256

5c6a061bc4311c88ee958eea3a2240ed3bb8b2424eb2efa4282d4bd5112a1b14
SHA512

09e51a3463c3007d61eb63643162d2c6549b5fdf81e5037c6aa089d1c52ccbf8e4476ff412c072855c36f186f140f89d3ba7e3a9b69498d903c28f37cf00ff9e
SSDEEP

1536:S3qLMEsNp3FNx76vuyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3p:SQsNVx7dyfkMY+BES09JXAnyrZalI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 33 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{563BC871-161A-11EF-BBEC-C662D38FA52F} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422310651"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1936	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1936	iexplore.exe
1936	iexplore.exe
2836	IEXPLORE.EXE
2836	IEXPLORE.EXE
2836	IEXPLORE.EXE
2836	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1936 wrote to memory of 2836	1936	iexplore.exe	28
PID 1936 wrote to memory of 2836	1936	iexplore.exe	28
PID 1936 wrote to memory of 2836	1936	iexplore.exe	28
PID 1936 wrote to memory of 2836	1936	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\5b30f5b408278ea3ddfb102a523fff33_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1936
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1936 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2836

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a60be452ca04e48a70a3ca7744c20bb2

SHA1
4ad70355689c76a599c70cca06ad011d324ae105

SHA256
e83240b323346503b620dd0711f148d7ea0d9b77a5d9d7a85b8ec42db7e5ed1c

SHA512
e170fe64069b027f89c9ed533448739a9623a748a7ee909be707e82571e963d64dfa6110bb1b8d6cab8a087444e42584fc06a29318bde26292a5c9d4bd0d975b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
80a9d683fe8c37a7e3b7cf3380ed7d71

SHA1
6811c6f3d61287ba3d193a9c3caa91b3812d09a3

SHA256
16f6e2fb7e3bf16c62ee5a9584ef5db79f68bf1fd9a4e4aa070470ffdb3a3bb8

SHA512
2da94ac98425ade22263591f21b5a4901d1e8e5123ffdcb7fdae09652c1760d80ffc1d23d55b9493fc5d98201dc494f371e6430d2063175cf13fb001f41aec26

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4edc6ad5e080bec413435851da3e0e74

SHA1
c920886eb4a928f962c74c16618dcc4285fd6bbc

SHA256
685fe81967f1caea6b6daed000829a4275f31fbba75bfdbf3788cd506ac0fb1e

SHA512
183ec5601b37c128b0f68c1da959100f90b2cd9b150f814ed7a4f9035c90aceed3a81b5c25d7495249c0f35cc4193ca8a5e4e9b2dc752271a60545abe955969d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
351d7b4ed76b0c9f8e4092d3ca7075e4

SHA1
9e7c02f82f0ddf777eb206bd06705142e4b9a410

SHA256
8bbceb96a64344b5fdd9415b531126fde5b18fd6f8108acded4e77fff15fb287

SHA512
5bbf762e948d2d6cf556ef8fd2ce0ced3e0554ab52253d21460137ff39caf0ae83e1e157f3e3fd72c2c4ec09340025790e6ed1181e7037df63d3464d2fd08cd1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e846c38358b227c3b05a301d2e418de0

SHA1
8d4bf1b1fc7150531f4832515ec143dad5e2d400

SHA256
b9957db48c642b62232504db5978c48d1bd05e8398cdfa809bff5d2fc285b2b6

SHA512
a1e465c3f909e537ead39e9bf431d5c2bd76c3d880056db6a601ba6a0c74c66aea6436a7b2f73c792990097fd0e7158be08f960b298c767bc8e85e5a7f11aaea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0e9a4c5d02d84fed36c2e7bf69777edc

SHA1
820dd438f7eb1b56595b4a53aa5aeae692cd9300

SHA256
22c9da6798620de0a433ad37ce6689a3c5bf8aa7384d969189a602aa9414312e

SHA512
7f54f0f1273a16a24e094ef0abe3b1139a175d96ffa403211c544c552e6cc44777340f93ea7b844837c5fc9fe94a4a271c8cfb294137d99062c4548fac15b996

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5108dc97b196d6735e3e8f5d3503ce15

SHA1
b4f1bfc2ac3cc9376e9d8b939f8fe69fb3af6d2c

SHA256
39c6fee6bd1dbd3d4b50560c049820ca3b04f5169e0c6ff70cfbb5496f7f047f

SHA512
51f427aeb7aeecdd66f687b57389e1da8512497300db1a755e21ed752a572ded401bb67fdb9050099a46b7ae34b7b03f7ba10506cedc189830ca6765f3d72529

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
20322e4640a471be991f37be8a4646bd

SHA1
cd7d8b44541b368f839dcde8f5afcca9120f8a83

SHA256
6b41ce13399858e6a364f30a0b938777ef19c4544e2c55e5b6ea7a3c223d8a64

SHA512
f2645f9781b4c2cdcee5542d5fcc7d28c68fca12b1d60b75d2091476037ceedc0903800ab203c09374c55915a5cf1c9ce00d41a5da61432102a112cf6b97c01a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
371cfc6b3a4ee0e767c11818c6a1279f

SHA1
0fbbe217c8242a75727783a52861c593aa1249e5

SHA256
ec97c78cc899d28b02b94d207cb3570a99b785bd11a18daa17092ecce04ab26d

SHA512
3f90d6988f449f0ab6bdc1706e3e89c6e90d8faca84d78968baf2909942a8d2804d4d5750917a905b0b17236dc2bfff4c92ec3ba9832247736f9f2c7732573e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab18D0.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1931.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit