0401218a670773770fc1b7021e39b2b24478aab2f8449b64ff4f043d43e792e5

Analysis

max time kernel
140s
max time network
141s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 22:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

68e26c90350b4fd0e92e5f7137adee47_JaffaCakes118.html
Size

5KB
MD5

68e26c90350b4fd0e92e5f7137adee47
SHA1

d087b7eada0fcceefbc5ff432bcac0a7c6ec6705
SHA256

0401218a670773770fc1b7021e39b2b24478aab2f8449b64ff4f043d43e792e5
SHA512

fbdc4c1d1b3659e56f224cabf8c33ffe648934546e1fe1fa38f601b583abb4217d64e4d4f9bfb7ee29ad0190d9be2581025b031cdb52ddd8858a496c94e970fd
SSDEEP

96:t1dfa1ba07LO6Ii8qCu1dfa1ba07LO6IiKTAOZ9Pu1dfa1ba07LO6IigHjvZ7YvR:pap7qJZeap7qJfTAQP6ap7qJTh7sv

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F39C1FB1-188C-11EF-A585-5A451966104F} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422579780"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

2740 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2740 iexplore.exe
2740 iexplore.exe
2608 IEXPLORE.EXE
2608 IEXPLORE.EXE
2608 IEXPLORE.EXE
2608 IEXPLORE.EXE

pid	process
2740	iexplore.exe

pid	process
2740	iexplore.exe
2740	iexplore.exe
2608	IEXPLORE.EXE
2608	IEXPLORE.EXE
2608	IEXPLORE.EXE
2608	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 2740 wrote to memory of 2608	2740	iexplore.exe	IEXPLORE.EXE
PID 2740 wrote to memory of 2608	2740	iexplore.exe	IEXPLORE.EXE
PID 2740 wrote to memory of 2608	2740	iexplore.exe	IEXPLORE.EXE
PID 2740 wrote to memory of 2608	2740	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\68e26c90350b4fd0e92e5f7137adee47_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2740

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2740 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2608

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
1a69cc5fa0bcad9951fa75fff7f2f153

SHA1
5f35574c2e2c2dec86d5fe5a650b942e9f50121d

SHA256
2685cd3ca21bb8a65fdbd7140a82297f8bf1543d865d74231c78cc510273a5bf

SHA512
9e216451dbc162dfd456b2ea2dfcfa15a8be938baaaf8b5945cde6f746f3c51675092e43efb9ffba1d536142ebf8f5c6699c2e2e016c786b28d259cf7925aae9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
d889b562eba849d75c21d8b221d4f849

SHA1
cf3e72f601b87dc5e0de321852609661625cca1a

SHA256
4dd56a57dbfeb87500e4f95ff5b6661aba65a6a8a031de8defaf1f66aa73764e

SHA512
3dda776bc12585c69022df6ff11c6d6f5462eb5871e2bfb1cd1b3caaaafe08a35fb6365c780a305c7789e6d4d72280b1b5d06cb755ff8120d18ad07205f9caf8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
8b6e51ba33750c52c079d50068b4a593

SHA1
02faf6a3d0e55608ec0b3bc343045a884c880bd3

SHA256
ee999fc684bb9fff4a12565f907865562cc528565a0e046c92b3bb7fa54c3b39

SHA512
f71427e7d49e65d1357dafd6fd1532c9ec7dfb9e443a6865d796797b5ae1e0e6e6e6f4c29fcb53b74016c232ddb92c7bf5d6904bb84d72ae8b7803187cec5c1a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
427f69b8dfd3bcc62e8db437f5953da1

SHA1
879f72a26ba42f68ddd13f3b1f94b63e2f223d9f

SHA256
eb76f8b5e5e855f69ce17267170534063b381378439253ef3ecdda2e2aa64e59

SHA512
728c360e4ae77e63348e5b81a6864cbe7db6257c96a139edd41875197a2b5835b38df09aad4d947b44b9a717f7c0450100b7fd7bad0c7123eaa7071c790e5e07

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
758fa6026840681278e8a57e32559823

SHA1
0598f7f630946dec07798cd7e020bd801a6fe1fe

SHA256
7243b70cb10f204176564e9a1fd7ca2344b74e0cc9a7f859336b0a0f15fc94a1

SHA512
c9dc5e54d099d095d69a5099697f05ae5848d3975b7ecf7b5c71f7bd8a2835b604e8802ef0126db36bfaf587b500424040e49149215a6439e5f64d28a610c01f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
5230eea287413c461c7db427a7318a44

SHA1
a35fe862870429451ced7ecade89abee7b0e8113

SHA256
dfd9d8302447718ad4d76e0db1d72c22c0a5505a43fcae449c4023117a2f53e8

SHA512
bddefa64fe17c753aca60e2ac151419ac8d83f4ad4bf4e78a774a62e149417d6d5ea1e3e2ec25ec2f31f6700b1d18c456af707207d54d4168528c44aaab722ad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
433019e1f78f4e45ab8f43dbf16df919

SHA1
9b9b9107970509fcec7ded0933a13367d6237f33

SHA256
256c4f36aa5a1f9ddf4af0a66b477432b857bc7ee7516e1419b355f426145a26

SHA512
fd316c2fdfcff63b72e9573f1a86a073c929322f167bc398d4f92ce540b40185f938bb1e521ac1b8f80941e166c5abd7401971932d7c12c40bc5d8c6f90537bf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
4e1a5c12cd099a976968a1c7e4a27eee

SHA1
b10f9ae194547ac2fc5c1eba31ca6009ac7553ab

SHA256
ec95c4f9b18009013fa58ff6540682a32724cc1d4bb0a3dcb6e25864c646e883

SHA512
819bb8055aa49e32fcc6ff0fe9ff9d7043f39078d518dacc4385ef98630876637d3ff093243500bf61fed31698c480423f917f862d017330ad50ca7773faa048

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
dcff2c4fbbc562b725b504895b20718e

SHA1
ef224d39258bdbb65a9c53d6cbbfe7a924a05f79

SHA256
aabdb4369a2ca45bc562b41c96c28ad36454bf57bd34d4103ce957e0a011ed9b

SHA512
986d14a71c1ea8f24e0370cf6460a62df90aa0430676d42c51707f0f1e8b13838b72be6c923869ed74db5de0d3fcf1431423c79dfbc85f02c7ad1aea3936fd63

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabED2.tmp
Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarF32.tmp
Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit