0e2efc8dc0744ea4f9f393b99e56430c2dab7c24e078ab6ce8c818580f5172df

Analysis

max time kernel
131s
max time network
145s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
20/05/2024, 15:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5fd864dcb6c7fbcc14ae0bcf83e51527_JaffaCakes118.html
Size

19KB
MD5

5fd864dcb6c7fbcc14ae0bcf83e51527
SHA1

ead69ffb2615c7fdd9f9222a8638350e6c2becde
SHA256

0e2efc8dc0744ea4f9f393b99e56430c2dab7c24e078ab6ce8c818580f5172df
SHA512

f01b12ff6a6ebf4ba8da13963084cba272c5b3ba09fb8ae3ce443603e821922c1c24a3bf435b3f0f7ef08f03386f7ca819b845d3e05182a683864b70a308cb46
SSDEEP

192:SIM3t0I5fo9cKivXQWxZxdkVSoAIJ4zzUnjBhlv82qDB8:SIMd0I5nvH1svl0xDB8

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9D46AA11-16BE-11EF-9511-66DD11CD6629} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422381209"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1152	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1152	iexplore.exe
1152	iexplore.exe
2252	IEXPLORE.EXE
2252	IEXPLORE.EXE
2252	IEXPLORE.EXE
2252	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1152 wrote to memory of 2252	1152	iexplore.exe	28
PID 1152 wrote to memory of 2252	1152	iexplore.exe	28
PID 1152 wrote to memory of 2252	1152	iexplore.exe	28
PID 1152 wrote to memory of 2252	1152	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\5fd864dcb6c7fbcc14ae0bcf83e51527_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1152
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1152 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2252

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
eda63c992eb013269691dc3cd4c08238

SHA1
172272635d03d6f7c4bf13d81ecf58ebc2c95658

SHA256
c40bfc287a2333da5901196a37017dd18f47c4bf2bcd3064016b83097932a34c

SHA512
f7a6722735093ed9ec47d2646f0ea41a1493685281828577ce5bd1ce7ff169ae3376b20c5c3f9123adc22750622c2f27e6dccfbe8366f5677add096e4f3b1e80

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
755362528fa247b5aeb9ea301c0b032a

SHA1
5747da7441600babffd4dd6512904564ba8e2549

SHA256
0ff65984a515bea2177379945659e813d5d044936ce8dcb82710b7ad76f83925

SHA512
096ed843d5243ed21daeca9ceb59fc66556b11ecfb3993cb1c737286b32d2df40993fd9d890e3e89030f994d6ae370972c3766c40dbb79570c800d8c61588476

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f14ac4e07b71db2ac5bad3f82a61cc35

SHA1
a2901da41e1d13bf79aa7c8809bc9dbf10cd9dc2

SHA256
a3178f3e18a4527cf97dc0e5437deade5db778e725d199d6f3885f129b763412

SHA512
77e50eb6ff29c5360c7917297aa0546aede982944a27f1a43cb26f14874195c5e55765db515830b69b97215e369cb01efa2a409ca713fcff9a7d84410fb22c87

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c5d83c120127cd02791e76099ad7454d

SHA1
70ed86ea57c9a76888558ee90d1a64f3c3e78909

SHA256
58cb5b949be50185443a3f992f010a54df1a3542d57bca307ac4e6a13232a8c3

SHA512
670983de428bda235e73ec7f046b1438b9a035a6dc44af89b3da837a9d06a51f793b66477b766cfd8215bc74ee126fa144cce20169f26dd90605fe4724146a76

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
af044bb0301f84c1c6ab979a5471fe22

SHA1
669912f5b9a3aae644532fec2992f8f6c912b270

SHA256
36879793654daa032720a0dcabbf89032c44324d5577d13de734aa2765faa2ab

SHA512
bb0f52aae35233b6f5f2ed89ed1d8793a86acc4532d426626d9f0a9698d8afcc7fd16bbf5e059f4affb243c45e84cc7cae84147a7ef81e51c5f4efaac91a6f21

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fc5b688fdc70316e769184f9adb957dc

SHA1
5a2dc34794bed9f17db0e4f0d7fe5f4a2c7b4ee5

SHA256
18ea1e4d888f66c36c6be25538de4522665a6f178c7c1077c7fa6bdf1ba06dd8

SHA512
b54ab45c900d41365f32a588af1ebcf314b9494d3ec2ee794e22dd0b20c32e0095e1c750db038b61bc959582967733560e51377a007f18d540a6365e2a05c94d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ef537a85f3e7e1fc3ea57290ada257ff

SHA1
39ba7ce08b0e19cdbb319987a1859f0bb4a67999

SHA256
0cd3f3b43788dd3894a2caee001f8e745cd0c546ae45719e7bf707f211664f44

SHA512
698030efd7a058212bf5c3975836b188a309bd5c36593755feded8f84db47a70db9763edb41c654e1fd9020bcc5edb1e34329b4070cf1d952188c4e31153c551

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a279609f92ca121b4027bb374ac22a62

SHA1
5669a81f81b170ae763bd5b9d810d2335a24419d

SHA256
c6b81d12a8de133d5eebd8ca4b9a6776b68e21caa4252e589597b32e791d7408

SHA512
4ec3db9a79e04780364e96376c98ee833bb2d200b86585931cf02f53f882f316fa8c3b8f49c1ed58a4c53abad9250095dfe9b2542c41b24f0625b64415dc2716

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e7c068380b273e15cf7875caa5dacea9

SHA1
f2c39e0d3adaeeffe60d873113db8a94ecf55d80

SHA256
d1797b8d31b6cfd2ece8aec54e92a9fcf850cb2ecda3f1ad3c5357f675193a4f

SHA512
0ee36c8e33de351758087b80bf769e2b5d55aaf224a7e2f877c874640f9a80e26261dd75b24ed7e18a5f0cb753a68f433d20ad1fb5aea2fd8c19d454882954fd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9a4b194b397cd3839fcbbb2aa389f409

SHA1
28ae36246dd2c1c8f7b191504e1087cdc00fb43e

SHA256
f4d97623b61b88967a4eaa4ba64da7109c9249a5021b2b0e00513723b0c31042

SHA512
7a7a68b0c0629189bfc983160aff7511d39cf6c19037fdc670723cb1b52a14cb57bd096d2befe50fe8b80ea7d9bee1abbc3925d90e54b95fbd0846039fa4a0f7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
81f86a9b214e413b6bf607ac0642e852

SHA1
93f97cd609add65854d6160f1e6957ff69a9dc6b

SHA256
f6390a66f7d2bcb7a25cb686d60cb0189fdefa40924db3fbbc818083ad197829

SHA512
b9d09ab39fbc6c2a8bdb9508e2c9ee0fb132d7e6ff02e8c3711f13b4fc5dd7d37b93306b95ac06ac7501dfcdb2493208e3c7555fbcedb1d088b1d6c836f3e971

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5084694ad9f7b34f2a7af6085955d02e

SHA1
3540ac3b11716052039f7d7c75b79dba37a74282

SHA256
2c7038995851e61534d4dfcd263317332f0f8f455d09bb910f18e7af5ae81b47

SHA512
b11674ee05906a10e86b44f5c0c8df7160cb3e84e3b618ae38386209730617830f5e3a60264acae4c9fe6b543e9101416375e71453c77a39c5710c9230f77f4b

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabA0B3.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabA1BF.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarA222.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit