c7f44fe80fa8dbaa5820e548d1e266be4b35fbf8604ebb7b79916ee609d2ad08

Analysis

max time kernel
149s
max time network
154s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 21:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

68c21035ee700d206486c4baf63076be_JaffaCakes118.html
Size

140KB
MD5

68c21035ee700d206486c4baf63076be
SHA1

df50862ca80339328ff07e7d6749297e611e8879
SHA256

c7f44fe80fa8dbaa5820e548d1e266be4b35fbf8604ebb7b79916ee609d2ad08
SHA512

ba4dad7a5cbd494d33b30b0803fa982426cfca2e1812454e04a9de88194219471e68cb9b87311d076567e8992f8b106a3d0f39185b784f4a2a7736a0695a2070
SSDEEP

1536:zcZydlEbbA99YZHqRHHEExx66++IIddtt77bbSSSSccllbbFFDD998811qquuHHa:z/dlEbbA99YvV

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422576631"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9E242A71-1885-11EF-B0F7-6EC840ECE01E} = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

2156 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2156 iexplore.exe
2156 iexplore.exe
2204 IEXPLORE.EXE
2204 IEXPLORE.EXE
2204 IEXPLORE.EXE
2204 IEXPLORE.EXE

pid	process
2156	iexplore.exe

pid	process
2156	iexplore.exe
2156	iexplore.exe
2204	IEXPLORE.EXE
2204	IEXPLORE.EXE
2204	IEXPLORE.EXE
2204	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 2156 wrote to memory of 2204	2156	iexplore.exe	IEXPLORE.EXE
PID 2156 wrote to memory of 2204	2156	iexplore.exe	IEXPLORE.EXE
PID 2156 wrote to memory of 2204	2156	iexplore.exe	IEXPLORE.EXE
PID 2156 wrote to memory of 2204	2156	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\68c21035ee700d206486c4baf63076be_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2156
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2156 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2204

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a46bda6f230f0e2e3df658a46668c545

SHA1
72b666f0c4e4c23aeaea51c4f176d4e3ba3cc556

SHA256
439209bebc5a95233397e8452e1e231a7b2843b7796faa192f686462c7919b41

SHA512
d36aa90461a7e976d7d839770abdf33841703477245c79c52b2ffa4fa6a4161cf7d9917bf860d9cf6398c2fa2d94f5efdd957eb1b4952a1ce5f11f19e770a089

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e69363f416edb1e7f5a802f9b85303a8

SHA1
536a7df1be6f3253eb2d39ce20674d90bdce851d

SHA256
234b8ed26d11a88550375f7b42cc4905712a8dd2d2bb5a75d17f813016b01241

SHA512
0263f257441f150179e793b64722f2a44d5b9dccfe84d8f8cf1fc4e57901b53f2bfffb36f226f1906c67a1e7af3973c484feef5037717ac73a1b29aea5631b0d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7390bdbeba3a4174a7d46d3aa42579c9

SHA1
778118ba1627062535a2e070f2d90a6048b4ab2e

SHA256
ca8ac06dfd2ef238f083de68c2d2c65dd9cd650978a270b709abf9f53860741a

SHA512
0af01ffed72de79c19678eb399d3ea934ade1cb2d518fa0d9d3255fc2247a0317c2754a750b743281d4f8cfbc2c2db3fc536e1dd6b6e2490d121dab77bed5204

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3cada24403c72af16d1f4dde34d5a01c

SHA1
7a126ed13ef66f962d499dcc25d1973d913dfed0

SHA256
b3634d5033300216016b637b611dcfa138dde1ea3d18761ba47899ef517e793e

SHA512
eea424edb101864d13ac98231cf2cd8f621b83124a4594f840c43020df2d92b251d639e6172fce177615166a289b86556d365ac2f7e864c6c9955285a9e2e83a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2e1a66270d9327c35c07e7fd567e5423

SHA1
cc3c35aaf39a4458525bc1f7ac3e255f1689426e

SHA256
4f45b4526db20c11ffae8fe060df70cd7bdc9ae0cea9c30cc5365f07530dac1c

SHA512
7b7f184a0fdc9477849d02d2f381a8e08fad9b513f9e06028444d8d5be9e8ed997d1597b1ebfbe3a251bed4e0d5fd6a79408b3a737c35986e4d7bd8233c5b574

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
58ed891ae9e12714156fa2cf5d36e322

SHA1
42c2f5ebf19c8781e26c1c89c51bd3d4ebb6dfa0

SHA256
35d6a361bb61103c505275854314ba98c45c5f77173aa7401b2d92c680c7a3d7

SHA512
2587f91eb968fcc29fa62aac0043c69f862071fb8d0abebaf425a11fe33e0015f93e6c54a9a66cf2aae5a1a362665760e820e8d320734ed6a78b27209a77f639

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
52160f260f4afa62f31fe9a79806c502

SHA1
b561ae1866d6476f2893fc0a57cfedff398cde77

SHA256
18f7d7ab93bf93efb967212584e07369b8e73e3b41d40eb45453807ebfcd3c7a

SHA512
36f478db0553aacaa4e4b9bd80dbf63df28fb0b7d375f41d1a475180d37c66629fecbe4159475998f9ce1be05fbd3d657d7bce2e2d43d008613d018d61cf22d9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c3e4a88287f6d02e7d25f2d3918b09e3

SHA1
ef3421d07e1c2a32e5c2ebf83bbe6d91c2f30b7f

SHA256
2fabea0411c761a2792e5440d1aefd2ab7a3c754c4fe7de02d08aa54e5bb89b8

SHA512
9f9a31d863eaf720b942f8de8b6c5923616076bd973122ed9232b80e0e8f38c7068b7cc15d6adc61e0b5e154f41671404346a6b8b8ae91544fc320d04d149483

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
846394cf58e9fb244835ee3214b223ed

SHA1
ab621b11dbc0d3e08050d83aa172061867c0a970

SHA256
3849e30e8b5f00a254f505061c3a7154822e137ce56c867bf39956f7239aaac8

SHA512
68e6b792f5de4c875baf83f944c363855f99f328d127d97724fb87c6b745d11c7b7ecb268e5708e281dee2c97259aa24250822586e043c4dec992cd925272686

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1335.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1426.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit