c61e7bd3ed0ac242f74cf68e852115d577e4d14f487ed4d6b5d15fe8e216ba2b

Analysis

max time kernel
148s
max time network
148s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
20-05-2024 22:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

612c890ee10eac0e52425624684b771b_JaffaCakes118.html
Size

18KB
MD5

612c890ee10eac0e52425624684b771b
SHA1

9341ed7d32f7bd0380b0b1f8dbe0a9f2d0c7782d
SHA256

c61e7bd3ed0ac242f74cf68e852115d577e4d14f487ed4d6b5d15fe8e216ba2b
SHA512

66c7ceeb06d7ba2edf71be68de17857a6df0f01d2114b85dad13df5347d5b39c7eaab275984ed62e16663d2af20b107b19a12b2398fa97ba597b2846c4231f2c
SSDEEP

192:SIM3t0I5fo9cKivXQWxZxdkVSoAI7195h54kH3/398tmWzUnjBhM60082qDB8:SIMd0I5nvHHsvhwxDB8

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422406844"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4DB344E1-16FA-11EF-9449-6200E4292AD7} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

2348 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2348 iexplore.exe
2348 iexplore.exe
1744 IEXPLORE.EXE
1744 IEXPLORE.EXE
1744 IEXPLORE.EXE
1744 IEXPLORE.EXE

pid	process
2348	iexplore.exe

pid	process
2348	iexplore.exe
2348	iexplore.exe
1744	IEXPLORE.EXE
1744	IEXPLORE.EXE
1744	IEXPLORE.EXE
1744	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 2348 wrote to memory of 1744	2348	iexplore.exe	IEXPLORE.EXE
PID 2348 wrote to memory of 1744	2348	iexplore.exe	IEXPLORE.EXE
PID 2348 wrote to memory of 1744	2348	iexplore.exe	IEXPLORE.EXE
PID 2348 wrote to memory of 1744	2348	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\612c890ee10eac0e52425624684b771b_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2348

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2348 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1744

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3a14c91a0487f6d3a3e021414c08a2d2

SHA1
df6a4ded7dbec13df37f8f0393361c1854d232c3

SHA256
a6fb748f4419c6efaf25130f7af2a35367980ce2e63b706a9aa2b958598449f1

SHA512
537ee8f2e34edb948f1c218f420fc8d4e5003473b84e7b796e64dfaada5b087d2435a82f2236fe4bf6d48ecfb0741aaf97b6ab6e40a36ad18528023403df6318

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6955f9f6ae91b477475a4bf321a8ce2f

SHA1
1337faf89096593d855e25f3fb34625d5eeee961

SHA256
6f9e9fd4022a6290bfd8f0ea6f9928987b0f03cdd2c1465628732c98bde9af24

SHA512
95fe642d00e3cd867daa727f7d2d70b8333af5b232eed571656bff37439df702a109ae6f77ad82b0e72148b58c0f9fefe3abf36636af774af7934558db336348

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ca5f60a38dc4729460d9b490e0e25c52

SHA1
24c44a714130957f9e274e1a8ee6a7e26eae67ff

SHA256
ae34432cdd80553ebf06d6960389862851ed2db1758e3e37d4c6a2809e879b80

SHA512
64cf1649b8171d42768b0173f5b0323cc8463c5306fc2c3d89d556756d50a5b27c20eb818adaa753d576936d5b0f246e1ebb3c2a9751a5d73c7430d2f392e331

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
057ab8dd2d01c18e4cae258fe6bb001d

SHA1
ba13206a0e1c659b3008e1e9bf2c75d25d0403ce

SHA256
ee05168c5630788d54b327c89bea1ce5c44c3f250f735708ea778b454587153d

SHA512
359430b36b795623e7d1b0e6c9c343cf8885a9f01ca33434c7225e9af5a3d030a2ef5d9eb59916a30e57b7f73330fb9267e9a51d49e1961190f9ca8f96c6be89

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
088060ee2646289ee37feec45a8af245

SHA1
3594cfee2a8d51f582e32b15de68d60ae5ca3e25

SHA256
d381f2eba59a1938223d8462b4be19166ed75f8e496204c0a66644f8300ca369

SHA512
68ccd08453e1c9e7777712a5b55e446b80a37f2d8a80875eda81007da07549b3bdc1ad5b1fcaa13390f7d932b723d7c6a6c5cc5efacda5871ad2fcd0578e1abc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e6fc020993d2021c26ce7b567602490d

SHA1
76d48c9cc8ae66b232d586c28efbb08418408d1e

SHA256
c40f86fc7a84ae442ca6af23aa2787eba47d245c797cca73bb03d34bc800286b

SHA512
be84356812502662863f60af03a5a90629b2d4a95e423975d5f7b6f84837385556eb50ac9f02368b5971beb39573231a3a0368aab72b3c196c739e31f1915e68

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
66e38d5a6479f875cd2d73f681c7984a

SHA1
83a55154594dd0fb3416129a2ccc231bd51cc528

SHA256
6d4313103870160f8ed38fb2d85e655f7442bb995f6b9b1ba549d1c025544c39

SHA512
63217ad014b9231d1509b3d42d8f4afdbfb42b47fee4a49fe24777c190282bd24c49e42fec8a34be4f34600b74dbe8d74575413b8b2bf2994e92b61696ff61a7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1ae04f150ef3089de0501f7f2a319121

SHA1
fa969019de17b5cf0ebda69e405b4f6462baf317

SHA256
437b12d31aba955c1d26d34926aedf3a9f2c503292f04a44a2466e7ef6da6561

SHA512
650d166685fd5c58f3aff97734db0bc63e71dd974693d4a273412106fd347df79e30babcfafb1c5d3c36c9d391f76243b5759c859631f73575d500d965ddda00

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
08ca6430c0ab3ed2900451349c25dedd

SHA1
8eb0b3b16c039b48b1aacf74fd1b92793389dc38

SHA256
81b4eb058c7913d1df014c60bf568696bc6c02b2db9ad4151a60b9115bc1abf9

SHA512
ff31152c26af7e2a272a87406c0f00f65ad632dfe0cbec4f934e5bced074d787b9ef2cfa6743d6ffcd8893a5d10e15f9bb66133e754ad1740d6319c13f4734c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab194C.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar19BE.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit