c4ed6d4b09c6327a1daec7078e0f1f610546cc6587860827b71d637960d870fd

Analysis

max time kernel
149s
max time network
149s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
20/05/2024, 13:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5f624cb1a0064ac99efd25311a3daa11_JaffaCakes118.html
Size

20KB
MD5

5f624cb1a0064ac99efd25311a3daa11
SHA1

1445606708dd9802b025b73f831eefdd9ecb52ba
SHA256

c4ed6d4b09c6327a1daec7078e0f1f610546cc6587860827b71d637960d870fd
SHA512

2b3abf4514c68e892aa3ee2b84545c6b02d7fde168363fbbc6fc847dddcc7a2bdeff3bb0ff73f3a6fcaf782369e0578a6ac08b27f1e711cc697d259bccf2fe36
SSDEEP

384:StgBRygLZ6PiSYqfZKjgD8mFmboxWftSjthBufs96XA2a6s125exN232Bo9:SIoc66Ekc8mFmMCuBufs96/a712KN23v

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{DDCB6E01-16AE-11EF-8C93-DEECE6B0C1A4} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422374444"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2980	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2980	iexplore.exe
2980	iexplore.exe
3024	IEXPLORE.EXE
3024	IEXPLORE.EXE
3024	IEXPLORE.EXE
3024	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2980 wrote to memory of 3024	2980	iexplore.exe	28
PID 2980 wrote to memory of 3024	2980	iexplore.exe	28
PID 2980 wrote to memory of 3024	2980	iexplore.exe	28
PID 2980 wrote to memory of 3024	2980	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\5f624cb1a0064ac99efd25311a3daa11_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2980
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2980 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3024

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f2a9ae5fbc50d371bac03e96d6cfde4c

SHA1
6b3240fca24bdcad22026a468ddf75d8d221eea8

SHA256
6ad8acf3d45dc07a143b1c15282f044e85db93c6d6609c91e43ba302e1e3c079

SHA512
6e1c10b752d1eaa9b823ef46e816c9e907df443c8274903bb49bdc9751fab86c593e8ffd3e05e802175598d35e92874a19da6dbd78438e439a59b280b15b5605

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2ad45d37fec5ac55e137e04ce3da5cd9

SHA1
6b71f48f889b41d59bfeccf0c1fe40526ea32387

SHA256
f7caf0de282e1bfc8c089ac94a9a6019312fd3f787f1c590ec92e9c0180562d4

SHA512
f759c90fdd04d6c8e012d9684bcadcf0034ee9bc78f2b5a89371826339be29efffc9a68946fcb1fa2f9483bcec49be44288f77a86091deb79a67eb2dd2d26523

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cffbe8429054fd9c02e41fb992946926

SHA1
b15460bb8bc4649509b8322f3a764a1ec0875348

SHA256
f6ef10d6a4b9dbde9a2685049ac2ca16211c63483974a40b69136bb3da03b5ee

SHA512
e787ebcd153c208a0b338d572c47ad4da4b38e8f12e92b79075f397003d71e55e5a288cc963b3b7c774c097498210aff65d48db55a5c343670b79e41f43b1996

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
43da87187a09e9a623075354fa7f93e5

SHA1
5bbc2b7ac9c482f3d0a5a05aad1b9029966262e8

SHA256
4df489f03c22a78a12e8b298a7b72d2f11713b2bb56c5235d2611056cb476dd0

SHA512
3f412f110b9ced456490c87ad2401292db262f7be281220c8e086d75bb3dc636d54dd283e548aa089f92cc91829b60acdf6f1ac2d26f50a09060bd79b3d50eb9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7798d562a09c7df29ab7a0514a8b0bec

SHA1
8488c4b189cc36b54306f010740b79a23e3a7ffb

SHA256
0e6f0db9e513f0156a2bd9123d8bd7fe0d6492c1ce18e4cab59322abf5aa7ee3

SHA512
8821a6e1475650693006dba722c53762a4239012afc769973fa4cdb0f9b196596ffc3003260a90e0650384b488aea16104981f9b437ecb6e669782fbea90788a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a24279a63d13323881311a6bbccbd904

SHA1
a74909aa94a1be38a359fc867cb8089b1c072ddf

SHA256
c57bc985a05a78e02aa1690fc75f34158896aa55c8e8f9a0a4bff736f7f2a7d3

SHA512
a8d35188fe5b0491720cd2c4a6f68018d1fdeb0f8bf2d2ac80afee540cf8a69224c0efb209a7e1ee1188d16377e9d70c850bca44f5c41f62a06e062688e0842a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1e64853a99a6afe1f64ad753476f84fd

SHA1
09431227fa50ecfc6f1134f4d003c12efbc2123c

SHA256
19240b458adc0814aea96c4a5f25c9396d7d49e8b5440483ea501e6adca46845

SHA512
4a479b67c7a1360c9a63599bb835cf5ec6e93f1957f4e08a8344d4df30b0d88a4cf7810219bba47241a70a36b4abc310bc0b9ae15dd243db319fb94498b8786b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2d8b62e129775a49d4cca0e155ac36c8

SHA1
bf83783094bed8de0ccbd82cb9555a53c771773d

SHA256
941e8dd9fecbfd8803f65af769949ebb26c7a2b39f3b1e05476da39b1400b17e

SHA512
fcb26c5ff8b85b0eb3b9fac73c4cbf3b59d1e1448c03bd4e36df3727bbd04f2d32db8aa57588bba65c9b4b3a8ad0d119765e06004fc039b6d2373bd951884055

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ed295c58e16e539953fa5a4a1785913e

SHA1
3d0a2775ae58b82010d6039f0d2363249cd751fa

SHA256
a29b86cb8c3e6483c7393e78bdf4b49e977de58152bfc190aea571ce44ae43e9

SHA512
3c8f6a06f2603df3fcdaa36d6a786dc79ba23416fa964224aacf9241dac4b55f3f045bd35b64a6adaef4bd15e11da6c1f7ca12bc6a42e3f0edcd4b21646ebaa5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c64af35a9b4c4ba56c5e07407f523152

SHA1
1990357e20d32608da2c3fe83256d0a051716fc0

SHA256
5ca06a467ba50eac6fb633bbd7508f0d2fdb7b0bd15eccbec03a692428280956

SHA512
982fbf71a24cd37f86784c373817c73427946c120da5d73be7e1c1b26191203a5b63b3a7351613051b79578a3e05aba33ebd882b63fff84e42fbd05060d8bb35

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
085ba3b297e76505fa364581273be13c

SHA1
f18bc931795a1bf463fa4364a9846b21f56a04a4

SHA256
fce159f398d050f889463de38207e475c7db8f4540c95f0c624e4395f718fb96

SHA512
c282cdba33b0700dc7b695088e313c53f481c13af886340c125e7dd8b2af07952ea9288d12263700cd9a8886dc973f2c800712ec474444ac8cd327000d4553c2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
eef7054ed7c84f28bea72daaa4e28bdf

SHA1
3a29e47ac7f856f6bd17d774f3132504711d0791

SHA256
0b80c93dcb3d6e32fc59b37f1bb865e16ef4aba2d89156185b87b3c68b5b1ec8

SHA512
c13bc5420ca4497b8b3ca87361577891d1fc05438e74f1b8373930e49d1ee1ae32690e624a932cd87336e7a186cb729eb1ca5d9335738429c82a77672d6dc004

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25

Filesize
482B

MD5
c796bfdf974ce673b3615a8940d3eed2

SHA1
b2218dc51782d38cd036a719095a25acda52a0cb

SHA256
30361d1a9f4ffa8c2d6b3fe659dbaff13808dc4577b4345a0b3827a5070e1ef7

SHA512
0b8551c15b41da42003f6068fe3b05a6dfb44ebcfd1bb3e1be23bb5ba6ca618394566224aa9803b93d9e49d6f389dc15ebb6de0d899f96e1ff4a3141005293f3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90

Filesize
480B

MD5
c9ff8c108f022582767f217531dee4a2

SHA1
24c2b2c7090fefa97fdf6e1b71e6e4e8381ef295

SHA256
19d734f943d014621bb79c7b717de2fe14ec95010ee3da56ff463c1e42ecf31e

SHA512
1194ad9c6bab31678a9c512ed25aeb71224a364ef8cbf60793023764f45c02edd150fed48f655fe0e772d2e263b455a7e506dff1c5cde2927abc70b853fc1b9b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2712.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2727.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit