55058c922b02339244120b0c3acb069e1b6bd5a4def64de86406fd1e35b8346c

Analysis

max time kernel
149s
max time network
155s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 22:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

68e959260fe67ddb69be8beb0c2003e9_JaffaCakes118.html
Size

18KB
MD5

68e959260fe67ddb69be8beb0c2003e9
SHA1

26053024bbbad5071ef1963f00ecbbd007dd7393
SHA256

55058c922b02339244120b0c3acb069e1b6bd5a4def64de86406fd1e35b8346c
SHA512

cbce710f2ba5d83af27ea4c8d22839808c19ba8b340d110a6b72d39b2115e53caf77cef6a8d5dac83251bc913d7bd544bf2e488f99addd01bfa822edf8d4ebed
SSDEEP

192:SIM3t0I5fo9cOQivXQWxZxdkVSoAI+4ozUnjBhMm82qDB8:SIMd0I5nO9HvsvMlxDB8

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422580228"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{FD440721-188D-11EF-ACCC-D20227E6D795} = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

2216 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2216 iexplore.exe
2216 iexplore.exe
2864 IEXPLORE.EXE
2864 IEXPLORE.EXE
2864 IEXPLORE.EXE
2864 IEXPLORE.EXE

pid	process
2216	iexplore.exe

pid	process
2216	iexplore.exe
2216	iexplore.exe
2864	IEXPLORE.EXE
2864	IEXPLORE.EXE
2864	IEXPLORE.EXE
2864	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 2216 wrote to memory of 2864	2216	iexplore.exe	IEXPLORE.EXE
PID 2216 wrote to memory of 2864	2216	iexplore.exe	IEXPLORE.EXE
PID 2216 wrote to memory of 2864	2216	iexplore.exe	IEXPLORE.EXE
PID 2216 wrote to memory of 2864	2216	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\68e959260fe67ddb69be8beb0c2003e9_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2216

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2216 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2864

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
79b9eb2c598863c677e7c105b4d07c95

SHA1
5eec954ca1f6da1e5d038c85ab2bb69a3a34c5c9

SHA256
16a79dfd3142d881c091656d6a39394919b3ff40d836b02f0c2fdf46b8e90c53

SHA512
8f6aeb798d25a9d7ab062b7fb00731861e69762b9057be1bdbbad4be22ecc839c03a7a7c0bcd395f88c36056f81e73c73d1c41379c4b781030e4848392661281

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
20e4260885ab006d758dc86478449d5c

SHA1
6b180455f6a2b60bf63b8c1fcf7ee129de7e6061

SHA256
831eab1074c6c290f47ba5646c54a5af8263030c0d102280cf2b371e00c6a347

SHA512
175c66bf4258f874b9b4959fb9220536073c32b7844ca245848cd1406c35563388bdc7ab9a862ca303082883e8a34a4e82abe3a6ab29efa57af16e1e562c2faf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
edcb7e14f116d8d4317cc3633bad58fe

SHA1
998822e5df00f72744497e6611eeb09d20dec9dc

SHA256
3fab838dff0cc13f03b391843448b8acda3b864b1e70da26cb6944be94f762f3

SHA512
fe9767879d48143eb517bfb4dafa6bb98d6b6937228c3562532b0bf9ea260cb18b8d022f6911c870060c72bc72a368a8998d00dcc68f22a485b3eee526d1bfc0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0f5d92819dc0b4f3302607b6f8528b63

SHA1
39ebd52ad329b287aaefe0646a3f79701ed1e453

SHA256
2a1d7e1d392864652c9e6443668bbf6dbdcc6abbd19c4eb64afa58da4787c73e

SHA512
2ee6add77af3ae5cc19872aa8bb4f35df244a561737d04c18836f2cc399dae4a8ffd7635c08dbda07b8698a72daf5ae38fb6d1a5e2d1f904b07a6e7b5cdff287

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a07eaa163f7c7b500c66045204d9714e

SHA1
f5c42b7673461a59ae3f600e844c5c60b13495a7

SHA256
5d12e01a76a677e95100a5073a7343bb38eddeab64556867666538465ce7800a

SHA512
db1caa3ad17a084ea8c0b046816f6a3b9a368a885b4cd6988aaa1dfa1461dcd48b2c35edc777744e68c8e5e159599b7de4badee1c0af8d8ecfc83f5df309d443

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
df71c2dadc1db4753cc6728878343f74

SHA1
7bbcc6d92dee513db2fbb261f8e05fc1b43c02a8

SHA256
95fe10ac738e82b8fe9550b6bc78a831f393ebb24a86b815fbbb0d06da785ca4

SHA512
ca38f6c463667d14b01f9c8c3aa8fa18d9eed27821ea6be1005c429786fea1d57a53abe39ca0c6de697267b6ae1d20d2c983ce3a354c059f94f930e6fcf304f2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
756fc456ef46227db95fafc928060810

SHA1
9c7f74090076d5646991798488d93e44a879c4ed

SHA256
c6ddca9b21fb3d2b5f3e20fe8aff236446237238e15a8d4daf491377f3bf501a

SHA512
23d9e0082b3cfd0b471597187eb6259a9fb6fbb44534058a03dd43bf80b10678649f6a95cd3cca9ce87606882e6a42785dacf9349005b3942a27561696311cc7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b893ca7b9bf160203641686eb2ff9427

SHA1
9fa477c3970822f27d40fa6f8933cc095cc6f040

SHA256
33bad87b5ccda01a62565e98fc37efdb13a1e9d379a3699e1f0917c5c018034a

SHA512
fab5ebd6cb311f024f3d48b1acc8a5a0f00e8c8c2827d02139630ce818873283580a3f0253bd16c659465df4d78fae4c661b56100030e932e92a78bc38398cb2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0a24ea4bee5717e76044bd66c50a3f4b

SHA1
b976c386ce70b7a96ac9edaa8dc850276ac0a11b

SHA256
7cad26b126fc8d588cfd161df744a10ad04ed938b179fc862008a750af63f4e6

SHA512
bc02c04e4ae09cd3a4ad6f5e20fd47c0263c1ae5c749517aeaa7747cb27a5026c2a9e66433934b88b666a2e1390fbac8cf5cef21c457e4d394b83ba433e684a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0ea3d491d34101c39513881f59b79958

SHA1
db07ff9245e36fa4e3367f19af1eefca94480135

SHA256
9131d5b28215755c7993b11192bc25932ed5c380f5e6b7df3b4cef0bdba7d41d

SHA512
bb754c907c63d9a2f3fa163f26a630f7174dc9e566b486fa8d128605e4667462609cefd2df9b5916618a955a82e121ff17910eb18f0127477778c9b018224d93

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab6AC5.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab6BB2.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar6C05.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit