6b446d98b3e68ad54f4f2facfca6df5e0ba71f2ab687200691b58fcebce3c961

Analysis

max time kernel
150s
max time network
150s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
20-05-2024 16:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5ffcc5f244394b985ba3b52605071e30_JaffaCakes118.html
Size

34KB
MD5

5ffcc5f244394b985ba3b52605071e30
SHA1

750843549b5fd1c5dd58d7d7dae3b0fb84168e0a
SHA256

6b446d98b3e68ad54f4f2facfca6df5e0ba71f2ab687200691b58fcebce3c961
SHA512

b9704670df3270cb77913b1eff2759984607eb2f3c66fd0e4b1ad13e887a58e1a06122b9fb86229264f49cb71d40431aee61bfd9350d04d11a9bdb2660809a1b
SSDEEP

768:eFkbR1bTQNb2vb0BkZS//9b216lCWFoGe801J64JTYAX2Ve30P:eFkvnQNSIBkZStS16lCWFqqcZGYkP

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{40C33F11-16C3-11EF-888E-CA4C2FB69A12} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422383201"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1724	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1724	iexplore.exe
1724	iexplore.exe
852	IEXPLORE.EXE
852	IEXPLORE.EXE
852	IEXPLORE.EXE
852	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1724 wrote to memory of 852	1724	iexplore.exe	28
PID 1724 wrote to memory of 852	1724	iexplore.exe	28
PID 1724 wrote to memory of 852	1724	iexplore.exe	28
PID 1724 wrote to memory of 852	1724	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\5ffcc5f244394b985ba3b52605071e30_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1724
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1724 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:852

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
da708245504875f6f292c475a1fe231f

SHA1
c81ef13c143048cda81f0c1952248360222a6bed

SHA256
2842fa11472703e6cc8bb18c94b6b3b61fde2ae00e0dc8c0f8875e23364f72eb

SHA512
d2071ae86f2cad996ccbd25c6cf353ad4963bd925ce5fdeb47f1c9dd38a4007fcd641bd67957a9ad42804bc9ff8526ce2361dbd10d84853f19eb8bff52111074

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
40acc028e39ab052e69ffa830a56ad1a

SHA1
d4fd44afd1f8b95e4049b519e4c436bdf2526f5f

SHA256
b32581a9b297b8e9c2c6356615a40eb64d70ca0e1d92cb5a4aba49d9b38582f8

SHA512
6c95f44cc3a237b92f82d8645902f53928e522691f822d2b2a406709fc5c005555aa3cbd5688e8113d2e4d5d50920182e93dc46f1923cb5b73d79ecf5d2e2efa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a95463d06303f7196c1172f0db7e010e

SHA1
571a64f31e82a961b22056bcb42f22d9352ffe2a

SHA256
4878cfc65d0bd0c21ea676c53b9d5036ef91b9e1c0de9a69fe0549ba82ed49f7

SHA512
936d80971e7a4feee4833e907dd0a0fdc261a180078987360ff86387e110546e21bd83d06b78f8cc458139c32a78e8a52345d665d8d5b6a04835b12c819d41e4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cfb3109cac3b3dfa565794ac55c3a58a

SHA1
9796ffaf1db03e7ea6082f9b3dcded7b402cf8b6

SHA256
36b92238fb22f6f208b26f3669c55d83bb739c822e9a7c81a29229666c87d376

SHA512
4129864e0e27f541da99b83523a8e54aebe8e974599a56fd011c2447ae026793a6d511d47ae95826e9b2aa61dc04cb98471ec3c1d0fdd626aeda53a057eb51fe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
267b01cb18630f23b1f0e1b39b380920

SHA1
27cb54bd42549e904298aedb56fbbdfc903fe062

SHA256
b83d947b08d148fb8f0420906e660461c94fc9cd0579b8d3e4058c85fea86891

SHA512
acbfdd3074a08dbce74593167a21dd1110e7e0cd246848a1f638298807b3587dff1195fa025fed62bf0c4d3d3ebf5b682139a88b8a48e7222666ab44d3db8ffc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7631b0116c3a8abe1b37d3773fd96775

SHA1
8611067b2fad4625eb4ecc60e590dc8b9d335a6d

SHA256
f0d1e5e60da16900d4d570a78861b280b4ac70f0b3b8780fad00e4c6f56542bb

SHA512
9ecde0f87651a3973d3a7136216843195647d28fd3c154e13c93d206896bef7bb3d5b60bc2cc96fe0c93ac95f10f3ba3c23bfe7999ce2b3d87149c1836d91df1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
097f670284ff4f76ed00e52fae8fd2b1

SHA1
8c106567d8b8d1a1a55d971f0b7dcd5711390aeb

SHA256
61bd3be4865629e1143a285fd3152a4967f29a156f6136705b0ee68381caabea

SHA512
cc5e2c8ce670eb16371f158bc83b4326bdb1acea4fbc43d612f22ebbdfca5c4edd8da6f80d5b5e54ba0d4e69eb28fdfc1d661115271db3dc8a7d51f65f4498f2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
067b5ce13b470167c63090388ae2ee78

SHA1
824510a1062b17bd99b2c1d7fe87ede6a4001667

SHA256
19899880e0ee67fccd0c22d2802c84d6c83cab8adcea69fe40642523519bcfb8

SHA512
3877ac01964639dabc8023f14eda2d0e86ddcc2045194c3b8c73a1dd4160749f82f72b0a1eb792ad8d4e1ef76bf25f942b4a9b10ca8bf48a16820d9d2c583527

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
71bfaedc338729ae441bc7b784722be8

SHA1
b73a2628f56010b914b9148614d6dbb39204ebee

SHA256
8d96a6cb57a781d06cb9ae2d6b493fb3d2f873aa477d0e95c3597cf148a4572d

SHA512
14dd561ad9265f49ec1e469ff252f4f9bbc69adcd86236fb25554990e77401a2c18ea008a1c7e64b7f7d7f43af2901151d25a8b227db4169863fb0f143b2787a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
11caf8cef4b0774c256d7fb46f3c2d30

SHA1
744299b45c6740008d391197ef60f8d6503b1cf0

SHA256
ca8d23dbb7966d6932268dacba52c6e99cb1e34971cd72797281540b2f64ade5

SHA512
2f9fe9c3372d125b235cf01ff37cb8aa6e990d1237862aa51f2a21cfd07f88b0116771280b11a521d4663ee29df19e56b7458e02a18ef8bb7ec599c6f0fecba4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
2c27cd003d8dcd9b8768aa828249ce81

SHA1
5744de2334ad8b38fb2298dc5fbe38eef220ab0c

SHA256
55b55dfc828933639f79a2310fb33dc1a9d421bec10e112d20dc5a8f1c38b0e4

SHA512
9912d98016cf159a849b4b399eb5d8f22445ac4784263d206e42feac462d58bf1149f6fa9c2d1198f8534a7abb0bd2277244b4bb0fda9d08b9e2037ae6f3ba8b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1615.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit