0cad604903634e2615bb3f5c6bca6595a616c11bb3fb981ad1d763e0f3cc8d58

Analysis

max time kernel
148s
max time network
150s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
21-05-2024 07:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6289b214a794256ba6a3f6ea9d70019e_JaffaCakes118.html
Size

66KB
MD5

6289b214a794256ba6a3f6ea9d70019e
SHA1

bd0519b13296f5addd423dfba8024a0cdf149115
SHA256

0cad604903634e2615bb3f5c6bca6595a616c11bb3fb981ad1d763e0f3cc8d58
SHA512

902397f453bece1b32de1665889b0d0dda39d87d59bb1da3074da6c38cb712e7f1b64fba8f4b29d7cb63a86ee0760807a5bf04827263c2a7e27da9fc0f25f05c
SSDEEP

1536:gM1IZDuHI0YW+MyFvw9f4g1wZpM1IZDuHI0YW+MymyDAOKQ:gM1sDuHI0YW+Mp4pM1sDuHI0YW+MYAOd

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D3833F11-174C-11EF-9966-EA483E0BCDAF} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422442289"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2172	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2172	iexplore.exe
2172	iexplore.exe
2516	IEXPLORE.EXE
2516	IEXPLORE.EXE
2516	IEXPLORE.EXE
2516	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2172 wrote to memory of 2516	2172	iexplore.exe	28
PID 2172 wrote to memory of 2516	2172	iexplore.exe	28
PID 2172 wrote to memory of 2516	2172	iexplore.exe	28
PID 2172 wrote to memory of 2516	2172	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6289b214a794256ba6a3f6ea9d70019e_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2172
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2172 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2516

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
5fd8e2fe55dd8e12c71b1b0596be2206

SHA1
c840bd416f2eeb9ab72c3c3db3cfb1479abc4624

SHA256
37ab92beacfa5f3f7f1b07bdd49370f3691bd64b89992c6cc046d7ceadefd596

SHA512
5a3dc78918b87cd755ee9f80de43de0527a9e031fbc50f05f4556b195ce391c9cfce1ebc5df05c93cfd2ea210d2497f2b3e8e98836fb7b0821e90939c54baa6a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4139edacb84fcc57bd20e4eb83caa0f4

SHA1
696e8e4cd2fe459593bed96ccb03f98053a458ae

SHA256
30670e454c75d981527b1748ab7395848971cb38a798867340f01e975ae317df

SHA512
69945125e6cc5dc5269509e03525641508ada371239f2b47e5acb2c43672026ad0bb6cf589843cc652ca24d13d16b377fc0ef0641af71642c8674b537db03b29

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0cda582f6f60000dff34b35fb17e5d77

SHA1
e90b7084c0bae4629876f4a9e125f38f619fdb0f

SHA256
67027d9265d8951c4b902c350ac038b4b0feb7658e1ab978e25380a11bf1c4b6

SHA512
386e49830487ca6e82e1027bf2a99e313daa6e52d7e8cd4e0e59919f027fda400bf69b065037d6007dc1bb85962af988cf4ce0a76ee2a19288e596e6288af9cf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6342b18a0135c0253e148121a2970ad8

SHA1
19bc70abe1991799d7b5ef2484ee18f089261ff1

SHA256
05f54d670c8e661f10b5547e45f1dd279a2cc2729797a96fd7a9c257fe5769cc

SHA512
e0677d2ce213d17eef24f09309528063f4264d27b0a6786fe220f6ba428bc9c8f53535f086457c3e6fab047c9b7a93bc80f5c4e00c3a92f1d6154f4f752dc21a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1f58d2528e65006b676b276616c1c9b3

SHA1
c94a7ac644db1fe0699c620256db8777b0fded80

SHA256
d5038c9f112dd393933d713dfb4755b068946c6e2eaa30bdb3b7173c2b6b1d95

SHA512
e7265a7c0aa09ac167c4d47e92f69e890148d567f3315462881b2af7ba9a54a0ba464d857011b8eec529ac7e2b383c9365fe6a38066419643eaf079bc77615a0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
024db5088f530db93f50b2a62661477a

SHA1
edbcd20f2e265e7a00cf77b64078138d18e80dcd

SHA256
5bc4bb0c5579b57815cf2c00da040860f245c85e7799d12e41b65636c4f4db20

SHA512
5e9a989fff9aa08376fcfbd9b1129145c2a7261dbef0177c52c4b563b7bcae57ca6edc2200c482bab2d3d551ca88bb733a3f2e23a5773d104fb2b063373bee08

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
54ce8e0eae7dbda2dda688d87a19eea2

SHA1
e960e8035da52b24e92964378b0ad6c82bf98340

SHA256
555afb9d3c0759c31aca59b45f7414b4270a32044659c3dbbccaa1e371ade8e1

SHA512
ff2fb129049b0df91c113c2092d2440fa94c61a32d4a6a89810379dcfde863cad2bef8285f051971512ee94918a082704ea1d4ebd9c77fa46389415fa2175fb0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a703c02f12650d0ce0d14bb52d206962

SHA1
05575c20dcf14cdf9cf821ab9fce4e2d59a215ea

SHA256
a9ed12b95820daff6b1d8eaae0ad16a6a66831e2ddcd7ab70f8f5ad741f9d5bc

SHA512
40236074d4a4f7311270d0c79cbe09f3c39cb8bbb31d92f73bc9075e58806aee42acf84e8da4aa0bb7336c093b46c1d90aeda2cf08295ebe0b37fc8758584f13

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bff0396808d370b0e37fc5735b9fce7c

SHA1
29f7be41ae57175560be88f051442cf987384e3b

SHA256
2e5cce22bb0bff0f3f2b43c382bc6fd65c3c23f01798b56d734b28ba4c9bb111

SHA512
beefc82850c01beac053a20c01a3beed9461be97ef969fc81df0e97591fd2de133986c25805689035ec74f97981d881c694c32c773792238753c2ee996fb4bf3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
825ee3783a5e856db968dab1919c7c0a

SHA1
92d25719b75d2d291defd4001cb40a6f08777591

SHA256
10a11ee67cc197da69e9391fdd36e0e03aa6ee076383ba8bace82011cec7ae4d

SHA512
87c3924d005f476adc1c34a2039708f944626db3d6facffc9fdf093e4d9a084a3047afbfa35d4e287bf1d8342e5f9e3d27c2525098bc3290f80305537c836dde

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
873ecaa8dbf1216c4f5d02a1736b2055

SHA1
32d8c59ec4d2d64c8c57f3d717dbb21014778b64

SHA256
9b2a9038ce3d27ba43b64bd66b4f5a52f759e2281d657b0147835fd759273e43

SHA512
ff7435a4285541784b40bff9089c801e8bb00cdb559e208e27f35dbb624e0df0a3335d3128947ddaa2b97e48450765d12cc5585ded019fda72a834df5755e934

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
fe49539fc503389480e8b77e8caefbfc

SHA1
8ba3ce1123660f9fec0a9812cfde23b86efd3434

SHA256
d9026f7b1c5b6dc8fb194fd8aa1074b98fcae3f392f1c1a836bf21a6c27cc8b1

SHA512
c290284f67a2f26382c98728834930b8c9f35ed49356b63e34641f2f85179881e0b169512870d2af2cc11382d2fe59bdd3bf171e69479949e5c5d2439f6f65af

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab23F5.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2407.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2593.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit