5931cd6ca16077d67a50d8a08e72e969f1ab90245ec3920fe81c906f8a7663a4

Analysis

max time kernel
149s
max time network
150s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 23:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

68feafc075d8808065f4dbf89466c7ed_JaffaCakes118.html
Size

18KB
MD5

68feafc075d8808065f4dbf89466c7ed
SHA1

a7e2b88095d0f842b27bff08cddd352020c1520c
SHA256

5931cd6ca16077d67a50d8a08e72e969f1ab90245ec3920fe81c906f8a7663a4
SHA512

34f561338fa34df9110311aa86ca0084278cf13183fe5dbabbbe15e8ef0095fdb4507dd65e919bfc54c461a09f9a78f76b808879e54a65a1b075168cfee47f66
SSDEEP

192:SIM3t0I5fo9cKivXQWxZxdkVSoAIL45zUnjBhDl82qDB8:SIMd0I5nvHNsvD+xDB8

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

Processes:

IEXPLORE.EXEiexplore.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{BB92CA51-1892-11EF-91D8-D6B84878A518} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422582263"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

2008 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2008 iexplore.exe
2008 iexplore.exe
2828 IEXPLORE.EXE
2828 IEXPLORE.EXE
2828 IEXPLORE.EXE
2828 IEXPLORE.EXE

pid	process
2008	iexplore.exe

pid	process
2008	iexplore.exe
2008	iexplore.exe
2828	IEXPLORE.EXE
2828	IEXPLORE.EXE
2828	IEXPLORE.EXE
2828	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 2008 wrote to memory of 2828	2008	iexplore.exe	IEXPLORE.EXE
PID 2008 wrote to memory of 2828	2008	iexplore.exe	IEXPLORE.EXE
PID 2008 wrote to memory of 2828	2008	iexplore.exe	IEXPLORE.EXE
PID 2008 wrote to memory of 2828	2008	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\68feafc075d8808065f4dbf89466c7ed_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2008

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2008 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2828

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
5188ac3ac62957cfc6299e35db496894

SHA1
729029fc7f41b167c4ce219f6de811c5ebd3309d

SHA256
496eab836ea19762cbe50db715a444942d139d6a40169b74790ddd502d41c208

SHA512
b8aa39bcd5cd273e0eb5980d3e833808817d0ca7975a765f1edac815d5d2e7b46865494e68e53e9c2ac8a97ffd4433278bd514780a6470c08f8e8049c839277f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
b6b8e555c95027296482666be6d7144b

SHA1
be135cad58987497ad170b149a6133d2f19168a7

SHA256
b396bee0c7b9868be7dc1c889685af6c890a63ea72b3e38b51615b9b9eb9a57c

SHA512
ebaf28845e5ae538ae81c5f56bd363408f6704cb35141ee18ad46615b7abb471817746934f56986339548073b922034d9f5b2c2d869bab314514249854a626a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
51940e14320d8d971860f176c838f9db

SHA1
69034e311bf2d0b0a43e6ef98776b1b73b66623b

SHA256
f70e43807d4e96e168cde93768e0ee68247932499cd40bb43d53bd284bba46e2

SHA512
a50e71cafd98a5c332477e338eacc93ff997e12c94302f5b1b5964718c973e11f1c3d8997fbe68ed2bc1ec15306610a54d779dbc921435a4ba590dca6ab5ffff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
140b14b521aaa796cf2d4148b7a2e028

SHA1
acd4f2336afd5686281866368c3c8051615d8c43

SHA256
f00dffb182c6a73fc715f9981e797e8ec227f9d4fe728bc8cb2a7ce3cbc13c1f

SHA512
a4a877c63c7503910676093d2298fc6a026728796c8c071ad1c3eeb26da8f44c83ff24db9686e869d12c515d3ddf4b40858cf2360b330eb85a199a1d1dbd1b17

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
dcf445307c26e72350c366974f707aa8

SHA1
a675ae255e714b239567518e568a2c1f51d8b797

SHA256
5eb1948a50710fb1ae3e7bae650d885e5dbe8359e7b0c09906d22617601826c6

SHA512
c9864fd57b5899a43e71e2b8bc707e1bedca4af0ee7a241852719651a092dc55b07cf1ac88b724806091636330929a5d269f8216cc18fde8fadcff27958d64fe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
b0af67f4954a1fee0f2e7b0354652b09

SHA1
4955250a4e08c844eded8164567cce400d56083d

SHA256
febdd4c4b5785520773e26e94922682929947c46dba702ccbd3faee7946e009a

SHA512
b0002c9fabb580b0f858d3ee69655854c1b89299c444f3c17d9e928cd1d72b47a9d6bf7b30e7b90686ca68fc7517da283cb17d4e521bd052cb912684d5b0d106

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
0c1fb24908d8fe7033916cf030f3cd44

SHA1
a651ef6111dc5a584fcaad01daa469ce3e3e3e8b

SHA256
f007c72da46e8f09d14069b46cb7c7b2d38e808b9cd1ae53a2be68c06ca2b75b

SHA512
ff6b65d1a34746b91bd8af21777fd6ce3278a68850e81930b8a58104b5083460af9bf5221f67e68953152b76e03705c9a1e14cc97b2572331da0fd493f1e5ac6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
57b099e2e5ff36a410fee89d01aae7bc

SHA1
06599e92916eec65b3e50e776b815a62b254d952

SHA256
097d0ce8edb8c83e9d326408cf7ec8b9f85d16638f59ac5746d7bb2d3e123c4c

SHA512
96cc9cba07b5b3b7d4410b28cf7bdf172522da648208467d4735e9e3fa1435db013865593286100b521a377d24664383eeac18d9d062db36aaf1f2bc6e9d0969

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
dc28eec511448e152536eefd8aa447fb

SHA1
1afed4d93d1cb957fe352979dae5d7ccdaa1d860

SHA256
070fd3a7f557063b43baa3008f6e809f6652e84ae00f6c51c5cf7ab8c73e2639

SHA512
d579aa6e1212b4c51199fabb0a2c834c9e0ecdf9aef4dce47261384a611a3d5b446c009e47935affb39885850edd3542fc971e772e6c8381c38bd37130d72f75

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
111bf59a68da16acd1b36bedf550b195

SHA1
6394aad335338064c3aa5acd5ebd564eb2dd8f54

SHA256
c6352e29ecc1635a3669253f354d94b82811f884732d0be6c15de27fa3ce763a

SHA512
72fdf37133bf55f75eda2156d66191192c38a517c402b5f06523cf27463a009bb73d4ecb9f3fa9fd8cf782090a12fa7f929241b1a07a8ec673485e604a23e020

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab147C.tmp
Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar14ED.tmp
Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit