55bfeab0a189d7ca8bf6f1f856171b18d9413e087aa5a419562e40c8fb4e582e

Analysis

max time kernel
149s
max time network
146s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 23:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

68f97839d43800471c65c6989d4e107e_JaffaCakes118.html
Size

19KB
MD5

68f97839d43800471c65c6989d4e107e
SHA1

2a61d40ee2d041564f3d93728daaaa924ace9364
SHA256

55bfeab0a189d7ca8bf6f1f856171b18d9413e087aa5a419562e40c8fb4e582e
SHA512

9bf1df90149b139b079b4244b9feef633cbaae6f13da1ceb4ebc6f2f27ae4005f4141fe56f8bec22cce3873961f3ebf57c068fda0d4a1d03ff7b6bf9e9cd3f03
SSDEEP

192:SIM3t0I5fo9cKivXQWxZxdkVSoAIQ4KzUnjBhG482qDB8:SIMd0I5nvHXsvGLxDB8

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{804F6C61-1891-11EF-B8F6-D6B84878A518} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422581735"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

3016 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

3016 iexplore.exe
3016 iexplore.exe
1748 IEXPLORE.EXE
1748 IEXPLORE.EXE
1748 IEXPLORE.EXE
1748 IEXPLORE.EXE

pid	process
3016	iexplore.exe

pid	process
3016	iexplore.exe
3016	iexplore.exe
1748	IEXPLORE.EXE
1748	IEXPLORE.EXE
1748	IEXPLORE.EXE
1748	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 3016 wrote to memory of 1748	3016	iexplore.exe	IEXPLORE.EXE
PID 3016 wrote to memory of 1748	3016	iexplore.exe	IEXPLORE.EXE
PID 3016 wrote to memory of 1748	3016	iexplore.exe	IEXPLORE.EXE
PID 3016 wrote to memory of 1748	3016	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\68f97839d43800471c65c6989d4e107e_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3016

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3016 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1748

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9655a814d568417512018a86622b50c1

SHA1
20a8a87fea075804f2f756f761afe680b26c4c5b

SHA256
2e3a636db90033f160ef436e576846a2da3a099b97c2177b47f539bb2678fdab

SHA512
b924ad758e79d137a6da7d212d7c9de3a276b67f31e360ffb653f417636c336c3e21be4fbf6f3da85ed5def2f59948ddd026d131af2b3f52690d6b5ff5203aa3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a2440ac20d6651c296d68d1789ae0e60

SHA1
9d0ccd771d04f18e1ebc0717ba6c3515cb6aed67

SHA256
0acb35e11deea19e3e45ac897557527a8aac006b53ab6dcc286d2433625d4c19

SHA512
cb1a127c44338e8ff5c43219d4f120b0f53f73bc8a5286a6dea33b5ed01aa004d14915d59b83f0ec1639c220d24955142865b253d099dd6d4e96475ceaa0409e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5a2f2dfdef391079f1386cb16a647492

SHA1
dc4911fd8447fba175da8ffc0b3e047f4a7c3a08

SHA256
8f4fd904c57782dee1f5b585b8e5820372990b5d02d9388c8f06dbda9623590f

SHA512
ce4efbebb651f2c3d86cb8530c3c0780a8024219469e86f5b5b7ab14080ad5e3be71316e2aa64f983278a2e16b1160ff9233485d1fd58271f34ed3f868ac2061

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bf7f72055ae51d087cd7c58a07c4370a

SHA1
65c16cf7bd82d959307e23b8743b53207e77be64

SHA256
753f4937d05a41e5f7562e790a94d41e11dbc6b774939b92f025882086dc4776

SHA512
419e5bafdc014708ceab3220d2e2534399e5ff3842151c5fe16968ad26cc78153704f8039f5f103f75e5135cf8724789517e9f2daa5f5498a197a2ea59320b5e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
347a36cb1716ea3bc391a76828ac91a8

SHA1
1e98465e0a025e3bfe8144127d31cbf8da40f1a8

SHA256
561de4d0ee030dfb6b33491c4a5b2ec35129a1c5bf5d6cede5619009d8a3c70a

SHA512
663b1d724107dd1d7738a1cccce38c6843351f69ef989712b19b1d36bedbee84f4aa6fd5e51d9d6788e357a5437ac7e8cec9541412277eca17d383279259397b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
847ede70c822ff260bcd1aaf17b62c16

SHA1
2555d4032d9480b80b7075401e5098882b295256

SHA256
c43d42132b489050c52fa199522d92a1a4b6741460fd3dad74acc88f50abb188

SHA512
95f8ec4b32719f3185a3c16d465bd095814beeb9bc6f9551c76d32615c304c89ef2d20ab0c93c03130d0b3fff4d231c16435abeaed3dec4aef373e38dd272667

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bcbfa306d552db1c48b2486a728ccbae

SHA1
3cff8e6a0abe80c23dc81758b9f682d73399883f

SHA256
f37d3f72498bdd9997048219356508943022a0eb6b0aa898e959f3051a84b7e0

SHA512
826c22c3245e4deb8f81634048e1016794196c2a451b2a43586e15cb8c96f2c3c62706864c3aee18724944886af4c789ad0beeb3cf833b550786833284a2fe0d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
70be5ca23df9edb1ceb44b01367746f1

SHA1
cfa36c99ce72505640078cc7c84bb5fc0f49afb9

SHA256
1044566227e498f27d74080c4ccb046fb8ef4e2307334c6618f180e352ec77cd

SHA512
a309dcf50c2b713fed1895d96f4234d0cd83adba6571d3301c8a499c34288e0bc48f5f2af2f85979742acd2e941c53b5654652c04f905004445c4e08d538315a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bfd26539f146647195d8e4854d5012f3

SHA1
af117f6f6a492db6bef6dfc606b6c27d6a3037a3

SHA256
e451eac136bd7cc0c320ba559be4f5b31a88488562425857eac56b2b6eb748b5

SHA512
464cd136c9214e7e81168e9dba4659804a50871fa1979076aa21ad43de44d17778123cbe99b30a21c879aaf1c4640ca0417da4c63fda88ee326e8623e4eb27e0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5a0c3af6c20cd59da66190f431c61ac9

SHA1
871aceb7a5460a2deb6fadc91e6469cf557a2481

SHA256
379faa74911918817ce964fe70a5eaa662883bc03368a7f1e6b4df435873c4ef

SHA512
f728f558547cc7cc334ad9f15618c0efdf74e8105b59853e492eeaa3b425d01d9ec161a21a22d49131b01bd7733643fbb6c2bf634d23461c2fa5767f0eee570c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1C68.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1CD9.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit