4ccea2461ddf9e44d9c5494420d9d4b747160e1648c102e2031a80cb4569de99

Analysis

max time kernel
150s
max time network
143s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
21-05-2024 14:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6393db004029d9b780cd21f57dc442bf_JaffaCakes118.html
Size

47KB
MD5

6393db004029d9b780cd21f57dc442bf
SHA1

39355969e79c5b73b9fcf5f42ea0b4b4576a516c
SHA256

4ccea2461ddf9e44d9c5494420d9d4b747160e1648c102e2031a80cb4569de99
SHA512

0e187bd4b2a57e434404b0976eadc066097110e23f7f0f2cde7f1e690c5476096e7bc0ed86e2794fc780c314dce8dcbb05ccdbbb09f890a562f5830dd6612ce2
SSDEEP

768:AGGKR+4w7URBwJhKJpCPRfE+BVWw8PeFZalq2nA7Xj:AGGKR+4w7EjJp4/8PeFZalq2CXj

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422462746"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{741FDEE1-177C-11EF-8C27-FA5112F1BCBF} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

1760 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

1760 iexplore.exe
1760 iexplore.exe
2560 IEXPLORE.EXE
2560 IEXPLORE.EXE
2560 IEXPLORE.EXE
2560 IEXPLORE.EXE

pid	process
1760	iexplore.exe

pid	process
1760	iexplore.exe
1760	iexplore.exe
2560	IEXPLORE.EXE
2560	IEXPLORE.EXE
2560	IEXPLORE.EXE
2560	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 1760 wrote to memory of 2560	1760	iexplore.exe	IEXPLORE.EXE
PID 1760 wrote to memory of 2560	1760	iexplore.exe	IEXPLORE.EXE
PID 1760 wrote to memory of 2560	1760	iexplore.exe	IEXPLORE.EXE
PID 1760 wrote to memory of 2560	1760	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6393db004029d9b780cd21f57dc442bf_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1760
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1760 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2560

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c83974d579a1da7d2f264d170740ccb3

SHA1
9d59ea89991e05dcb1aae3d9950b7f555dc6c4f7

SHA256
38601ee4051809d862e17df9144300704c363f8407ef9f7c02419c8a5bc5da5e

SHA512
e17051140c93e9990e939d58e550f1fa75399e19a02dc9c8b32768efd3de1917606492e296493fc353a345b6a4cdfc06185513a7de5731463a6c780bdec4eb16

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
69a89f98d629552fca8fe64a65203fc9

SHA1
b66ee334f1217add8849b763bc13b584bf917e57

SHA256
58191fcaf66618c61499194ee9d747275ebe1929340d44e44b6b54f1bae4e8b5

SHA512
7b18fcf1f434fc53dcb3f6d12253910c78f63ba2e266a89ca8ea99c460682e14d9665cc0cbe606c8b0f2873e84526dd80aa8921fb2db11f78f09409ef963a3e5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
326a9f13bb1261ecc4e79e21cf34e41f

SHA1
0c771a78f51a3c1f98ab040c8f0c1a98e321815e

SHA256
a86917025c45c7157856603ca078c02e6558201bd304a9bf41f416e9f674fd78

SHA512
975ec1cacf51a68133cc5d994a34ff07b88ecd1f28ca35921cc3b674514c04cd8691b3ab7354b0a39a2b1ceccdb0bbeabc468caf908b152cbba06a95e81eccd3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1f087ca84c556cdf377e86228f160e1b

SHA1
350f17ec5144793e5f43cb15e5de64f057683a69

SHA256
7724daffde1199a19f4d81f7254eba0ac9aba162eb23c1c983aa7bcd6911dd87

SHA512
8e806b450ef201f891a068e8ae0b74bc56a7465a7fade4740f2477a26f2cbd5bb538382371e8069777bb8c1db443af2fa1ff05a79016c4b094fe2d00eddf6df0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6dd6ee64960318ff90424e7b5781bb04

SHA1
48176cfd249f00f40a70487742755c59c9233e9b

SHA256
4d73e4710b973dd995a08abe80fcd6ae4ea040a21ffa50a65ef799fa9ead3165

SHA512
aed3408a6814ede177149d79ec551ae0a2a478ae0a6bcef4166a86122afb4f91265a9860220a04e29e77b2f3b23c7da1f31f8db50d1d8709f889b1f63dfd47e9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d1eb521b86981f8140c4874d23e79ce5

SHA1
da516ed12fae36373ee5ac3cbbe4c2500542f001

SHA256
40830b86cc459ffbcadef5db3bece05ea4eb8b193591ecf38de13a722c2e7842

SHA512
89c259b35227dbf8ad93d6b3e20faae23cf6e7dfaa54d28e645e580ff05cff6a8790ba21e37ca68742ae66fd4f47249275f2f91a087eeaa3ec87dd045de68a36

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0ee3694829e81940a277c248636496aa

SHA1
10f625290705982c98928dfa8417df0a58a9bff8

SHA256
fd698e0f7bfef771b059aa9beb3de20524ed9150fbcdf4514db2cb1568fce629

SHA512
019685ac1922dbb03690f4d5a187a99c6c31f3c876ed67bac64f55b0351c568736c3eb1c43e56723bd78ef1ebbd1b96f8f9ee2e35b647ddc5eb71fd17d2fce66

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8e14481223eac111f6689dee52eeaf2c

SHA1
a9743d490a60e4af76679de985531ad21bbf1e0f

SHA256
cadfd615d2fd11f77b9637e70c6d1dab0ce0b4f82865370dbf02c33c707710cd

SHA512
cb40199d6f7206285c8cebb56969b252fa672cef053085f242f5c89eed647399ea17de294a2da585b8edbc81e0b49cfcc08b54df683f62298095177b19188966

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
35c760a6ec51c0f4c6d96260f48ee70c

SHA1
d38f8ca23f5256c12c2a367d4ca643b94098069c

SHA256
8f5a35db0ac1d601d82f53f69647a31300454cc804f8cbc53335fe1a59dd872b

SHA512
e92a26684abf9dbe5d025ca6a0c734e515d31fd69358f340accb72d8834127c3572d9c693bd4f1e2e1a7721c3976a1016f79d6c5fa70bbb147661cb37791d560

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab7C82.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar7DA2.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit