639d9d3eb7c0cc3e5d7968bdd59fea1c2c41626bff16cf1753f94d8ed5770bff

Analysis

max time kernel
148s
max time network
146s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 22:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

68d24ddfa7b162243ca6f967de6dd9e8_JaffaCakes118.html
Size

25KB
MD5

68d24ddfa7b162243ca6f967de6dd9e8
SHA1

3b4edae15703b4fa952cacdb3d17d59038872c2e
SHA256

639d9d3eb7c0cc3e5d7968bdd59fea1c2c41626bff16cf1753f94d8ed5770bff
SHA512

7ab015bb314112fb27e48ba4a50aa84d419786b73149d47f36dde0183d2b18bf6e11e8b066c8b0a91acfe11fa12a5019169233ed7b33f3b38dc7a6e5ddf8e0f8
SSDEEP

192:SIM3t0I5fo9cKivXQWxZxdkVSoAIh4TzUnjBhdn82qDB8:SIMd0I5nvHVsvd8xDB8

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422577995"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CB09D1E1-1888-11EF-8B56-EE69C2CE6029} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

2240 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2240 iexplore.exe
2240 iexplore.exe
2212 IEXPLORE.EXE
2212 IEXPLORE.EXE
2212 IEXPLORE.EXE
2212 IEXPLORE.EXE

pid	process
2240	iexplore.exe

pid	process
2240	iexplore.exe
2240	iexplore.exe
2212	IEXPLORE.EXE
2212	IEXPLORE.EXE
2212	IEXPLORE.EXE
2212	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 2240 wrote to memory of 2212	2240	iexplore.exe	IEXPLORE.EXE
PID 2240 wrote to memory of 2212	2240	iexplore.exe	IEXPLORE.EXE
PID 2240 wrote to memory of 2212	2240	iexplore.exe	IEXPLORE.EXE
PID 2240 wrote to memory of 2212	2240	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\68d24ddfa7b162243ca6f967de6dd9e8_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2240
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2240 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2212

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
582e16fdd13a00edb984bc761abb0dba

SHA1
cd5ad761fcd174094c4ddb173e81d03b13b587ee

SHA256
2c0ba5a0e4b54caa47f2f0aea8c11048dfdcfaaff638709ac566779d6113627b

SHA512
2b135f765082663c195d0da1e9e2c3b7301e12968f432827f6bb342bd16ba091f6a05401dd370560e0a8ebdaa678f5cdf95f006caa57851c80f816147d414caa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3ba36c5ba67ab9f5c07c59278183f251

SHA1
32631a683572d233a6e373e6c1428358e6dca63e

SHA256
204984313ff9c02ac52e1e48352610d17df00e3d73de5d5d43e460647d747072

SHA512
72271beb1e8b50144693c37f29e8b997f36b7685b2e08cd65e3dfb392f19963c6f6f8d9eaf73be950c0e3c4e8321b1baedcdb0705f6bd65b5f4ae46d9c5922b5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f4f9b070c84a1b3ca4b4a7106ee465b8

SHA1
4db658f8d210b5f495fcbde7dee8bb2ed37e5360

SHA256
8329387eb920a5a9b7c2ea70d42ee41d7b09d9fb40dbcdb603c3fe72679c00e9

SHA512
6f68311f36e2ac89f89a5fac9872e3ef38c69bcbbb7d042eaf04f9f6921ea1b2b7d34aad6486a9e66a4dc41c696e8e93cf7e6004e28d8984440a3702fbd54fcc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
201cc63d0466fbcf100ed230d68151bc

SHA1
017f02690abed4f602f78c31e6fbba2ed9cf9823

SHA256
ca2f81ec65c47f534bf7b580f88f7f5f873f99cdd40afe81016a907f7125a01e

SHA512
dc68c8e72de7d5f8a88f9474db75382b4ec0745b946abccc71b3534a1e426fb3843f04afbe447631fe340b710962395565743612cefc45d399d3b7d781e7fc8c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
26b017d883345e0a8b291eb912fd5349

SHA1
931de9ce45ce50babdc351a33f2df02934a60aea

SHA256
20c3638972a68dbf1598e4e142f17758404f080c9eb2c8db247164df6dd84e58

SHA512
df53ffe209c43d21c84476293680769b1826df9bd06eb2a0a4af46b3182bd87b92333c006bd75aa24541d7fe8a162f9afa3f02f29a5ffba1fb66a34794bf94a4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2f0bb3a836241ab002ef276cf9651a74

SHA1
a5b32446250fa3e264acf02a80a6c7fb51e2bb43

SHA256
eba455c8e6ae29a70612c5e70b937e84f16c1dc838566521f6b0e5b2a4fffde4

SHA512
3523a6537f299ef0df2d29234ff6f89d4661cc6a92f0bb73ad58cceb3b0fa1eff84b59ff68e2919b4f0217cf0d91bf9e74f400ac321aab3dd9a308e234c26117

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
da920868259d807912ae416099f21b47

SHA1
ebb1d9943d71572989242d82c5d08e9ef40af536

SHA256
bd6c7a273a1406501e1d645901d09dbf5c84e480d9f3951f1655369a89bd9b2f

SHA512
aca76c9d48ec207370410200b099e3d079b4e0fa3f165d15550a512df1e29576ddaa5ef1be580498884854c500a134a2d1af47e1d3d80202f372469edf12d9b3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d13ea0ce49f3e3d28759f8a628ce8cd0

SHA1
f8f3a1f13b0e00fde0692c79cbfaff2f02855f6b

SHA256
b32194982ee995b20826359775e340ed1ffc443d4616377d3b8144e1ffb999bb

SHA512
e5b65e3b0ad373c292df84492d74948b26e250dbc2374931f864fea1195bcf22e23be100d95f9b7d3f6c4e6ecc94c6f78eabf40a8f4d1b51dc384bcd7963f3da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c02e7ab3758db23a029abe8fbe85b799

SHA1
6f75c9950adea43e16662e8b1de31ed69a1ccde6

SHA256
24e96acd0991e0b450882fd0671c4f121c6183b69d17fff0883b82558b683b86

SHA512
08caa74c128499f14edfa25f1a35a0624511ca1f2aef519446c4116ef7aff326fa490b79a357a61ebafbd2eb3a89b4338a538e3e919f7a9f3bedc4a34cca83b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabD4A.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabE38.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarE4C.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit