576c29ed6e14cc215fafd0e713d4df3cf1e94e69c7b2770bda220488dca5d78f

Analysis

max time kernel
148s
max time network
147s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
21-05-2024 14:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

638f93c61c8e55e54b9ba2a8ee7782e1_JaffaCakes118.html
Size

17KB
MD5

638f93c61c8e55e54b9ba2a8ee7782e1
SHA1

19ad96ce848284f68867eb7e54f77c8516f9109c
SHA256

576c29ed6e14cc215fafd0e713d4df3cf1e94e69c7b2770bda220488dca5d78f
SHA512

3b306121f5c502e4dd94424a9e1462adcef1ea66138fc767dc8de501fefb8468eb881a726697461ee67a7747d5da1fe330b693f5f51259c6f5bc5abd65c97567
SSDEEP

192:SIM3t0I5fo9cKivXQWxZxdkVSoAIY4yzUnjBhug82qDB8:SIMd0I5nvHnsvujxDB8

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422462370"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{95C562A1-177B-11EF-8004-DAAF2542C58D} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

1148 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

1148 iexplore.exe
1148 iexplore.exe
2240 IEXPLORE.EXE
2240 IEXPLORE.EXE
2240 IEXPLORE.EXE
2240 IEXPLORE.EXE

pid	process
1148	iexplore.exe

pid	process
1148	iexplore.exe
1148	iexplore.exe
2240	IEXPLORE.EXE
2240	IEXPLORE.EXE
2240	IEXPLORE.EXE
2240	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 1148 wrote to memory of 2240	1148	iexplore.exe	IEXPLORE.EXE
PID 1148 wrote to memory of 2240	1148	iexplore.exe	IEXPLORE.EXE
PID 1148 wrote to memory of 2240	1148	iexplore.exe	IEXPLORE.EXE
PID 1148 wrote to memory of 2240	1148	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\638f93c61c8e55e54b9ba2a8ee7782e1_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1148
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1148 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2240

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
03dfc282240d285d5f158e72cee85f5b

SHA1
6f9952f52d8d76249c3957bfb5cf007086c6b2a9

SHA256
4d57b3d50155da456380333603a39c624a130bcd047fcb01d41fb81aae572ef2

SHA512
9b53e1384640b18894ab539fb4274e6c7222f401c416f5a6ea9f2695da726afc0f3ed8e12ae921e8b9c4871714355b07440c186bdb9924fef607277ba4fa1be8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f05c5dca24bca929805ff93b79ef57c4

SHA1
b95ed4c8755f360d30d311ab012f51fe2a489fcb

SHA256
1469ecae1b894145f966e6123975f8767ffc518f27be69c4b6f47fbfb7a512a6

SHA512
3862bf4eab9c31d2422be2e8844d17463d8cfe48eb7f1f9b25351ace1b3c2c00d59619c1623e07486008de3414f7b404369bab10316c8da1122bedd87734342b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2ba8f4d72b86e67ca4a66ab5bb1404fa

SHA1
86a936bc377e38d16a4f72d97cce017c4da42b65

SHA256
28e4ef47a40aed30f16bce99f07b0956a5d1202766d33743938064ee57772da4

SHA512
6e2ba4ea3e1e5edaee2f781100102f23a542fbe6b4461d1c6b3b7444d5161e6fb7582ad39cfd159694e0e7351bcce5cde6af722ea4dd284f4a0f1c0b79c822cd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
055010efadbfe940b65af909d7ffb2b8

SHA1
62b938609f286b801993066a39b906aabeb434ca

SHA256
786b422ecd787ce38514b021f24d3cc303e6cdfb0da603ef4f4228818456e8f8

SHA512
251cf845a3a6afbe454e5f2d469a23340e269730fa9235c8fdeec88af7e4cbbe787fc4b0bc013df4b05384cb259ea37ec3bcd880b4249ad5d3811a902355d2de

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e5f09fca347a68cb660ffe73a942541c

SHA1
57d79022407908ca1747cbebcc86ad14c71c612e

SHA256
7e627969646f4001165e612fc4e8cae583efe19ed66797f7e6771f6f08f35b2d

SHA512
a36917e98a040ac406cf4055aa91358272c6af7f05067155fb721a6b3471ed6fbaa12327f6fc56e7c352711f76600fd8363a648404e32ab7b70e57f2b4f7103e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7ef989a90e0227b01c7c4e7ff2d84e85

SHA1
972fe2a5681912f25f7759502681af3a1bcea700

SHA256
eb2f46ff87cb8846c807f9934e34079c970143fb0c4c64b67826a98f72cf8669

SHA512
ca6852199d5ac8a31816d2ecc0893499731af5f50b6209f5ff816f2f745e150eb2ebaaba2af5516ff2d99c7ea98edab2b313a00168fe13820bd477b34954f0c8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
82c8976ea2c71dad57d71fc06d3becef

SHA1
68caa406830a74c6054e29f67c9fd04a256d9195

SHA256
31005af6b83607d60853cc9bb15c82a749f3a59e7e05a175523a3774bc312533

SHA512
db99a7c96ec1d919029379822071301ebac3e4ef27c4c7704741337584cfe676ad2815594f4fa6a21a9d95931b371856c306939a830fdbb46c89cf834dc69acd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
792cd24fb51b46dbc69cd7ded2903a12

SHA1
f6456d79c9543de1167cee1860ee44ec54ebb9ad

SHA256
899fd5b1a38c4799050d68b09ff6bdb6f23fd1d5430f2b254668b80d014cefb9

SHA512
c7bf43d29bfb2e0a6ff974f46174c16a3dfb7895c460805629bfbc31d1b3ef2dab761f441d2a6c9ecba05b3411b76d3f50f7bd9a28a3176e8e69e09026235b80

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0bdbd08a85ffd0251be132a6e945bc04

SHA1
9d1b3416fe64e6dfdf781d1420d1199f485bd48b

SHA256
b8cef795cc69d937d585232c1c339a233f531ad31a6a9fded1bfc7b5b69d78cc

SHA512
a7d21ec2c1ec6d9de0645bff6369db48b617f3007156882eee419c644202f3151a65974073bf4c59d3bea217ead4cad3723e518b166a1ee6a5b79ee830ecb9d3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
98c45999802a65d8c51897d8de621aa1

SHA1
e6c1dae15197b55ac2ec15bdbe08363b9e68513f

SHA256
10340aa7728e82948e52a9b6578ac2f42b5f23ad0afa74f130f442f333be5875

SHA512
050d756d35d74e3d461e120aa1ea5d821bfae273ce940349cb243a3cdd0c345b4f4f3db8d708c67ac7e3da992ec73c25865bd65cd831c86d84052c456ebf1f73

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1559386355211a861065aa6f00329674

SHA1
ff0a5ca876bbbbfbddefeb0de7cdf76c061cc5b0

SHA256
800b2c5971607083fa79554a7bdb0e463785f725d129a55a271a28afb61b3664

SHA512
c7b644fcf208c664bf4a0bdd6abbe7a37ffbbb3d5f64a3fcce13141feb2eff5103a0b2aa89a4a2e9727f04aa7e1d9dd2176343e396540af158a4205c0b6accfc

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabA5F.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarAB0.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit