0125463e9339a3b8156120ac8d37828f7e4309c5a976f3814b29b5bb83725b3d

Analysis

max time kernel
144s
max time network
145s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 23:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6902b0c37f871519a16cad9130099a97_JaffaCakes118.html
Size

100KB
MD5

6902b0c37f871519a16cad9130099a97
SHA1

1e7ebb926e28f0a0bd9a546ecd589a9dcdf9bd7f
SHA256

0125463e9339a3b8156120ac8d37828f7e4309c5a976f3814b29b5bb83725b3d
SHA512

586b6977ebe9595e561babe753dec43aefae4c0be5b39b08d1900e045bb9c121b094fed79c4792ce0fa44cb97826169dc3978c52972b5f7a945a3c7d441a471d
SSDEEP

3072:46phiNZ75Vst3Srfu3Ct1bN7u7oSDHZmu1SeVFquD6I1r+UJ5lNr7hP:4D35VC3Srfu3Swp1SeVF3D6I19

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{83D4CFE1-1893-11EF-A4F7-5A451966104F} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000760f6fb6d7365248881a38bcea68cf8b00000000020000000000106600000001000020000000f9f8e7639d15d3cdc86067f1cc594a58eb14a3a0a65b3199e46ed2be5260afca000000000e8000000002000020000000fff6188704f1748569a74f9042d747f7e1f7979d7c665a80cdd427ec653124d1200000003042d874bb083e5cb1f20fa0d2619ed00b445716c05dd8d8f25e11af1ef78d72400000002f71655a65fdc50745dc476be37169b282e82524a9bc28ed890dd6438438529f597197b163960fdd6cb1d7804a20854868795e942691ccdf6a5c29bb0aa3d311	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000760f6fb6d7365248881a38bcea68cf8b000000000200000000001066000000010000200000003ced78b3bd73e02a68378b1c556b494cc94181fb40e51949ef187512fb9d7b6b000000000e8000000002000020000000b0872768f36495fed052e3e8da25c632ac77fda1422a65f513c24b97b1869df19000000080049a0a7d48117d3e2c0c04c01294a7d2971c9c45b0902418c7ce9684fbb9f0058a0b6f9b853a999b0f59ea436eb7544d79e32754b2433cef4cce23cc88aefbdeac8f860a0b704934b7ea78aa75a548f878fe3edb34d68297cd79bf9344df0c8d03fd6e879920d0b233562a6fc01d3ba30a508fe37b5e5b59310c780fa47de6d710ce5205f95a1fe34087f2ff5f96e3400000000054c3abfe1a386200634334719780608b50621259577b32d68fa58494f8baa3b003049ee75023258f11242dc9a24ae2cc4c3e5c56305760497fdcf7bd472820	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60193767a0acda01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422582611"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

IEXPLORE.EXE

pid process

1968 IEXPLORE.EXE
Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

2156 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2156 iexplore.exe
2156 iexplore.exe
1968 IEXPLORE.EXE
1968 IEXPLORE.EXE
1968 IEXPLORE.EXE
1968 IEXPLORE.EXE

pid	process
1968	IEXPLORE.EXE

pid	process
2156	iexplore.exe

pid	process
2156	iexplore.exe
2156	iexplore.exe
1968	IEXPLORE.EXE
1968	IEXPLORE.EXE
1968	IEXPLORE.EXE
1968	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 2156 wrote to memory of 1968	2156	iexplore.exe	IEXPLORE.EXE
PID 2156 wrote to memory of 1968	2156	iexplore.exe	IEXPLORE.EXE
PID 2156 wrote to memory of 1968	2156	iexplore.exe	IEXPLORE.EXE
PID 2156 wrote to memory of 1968	2156	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6902b0c37f871519a16cad9130099a97_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2156

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2156 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1968

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
a48d5784dbbf4f807ebc6435409fc246

SHA1
be5e033afc6694b7101d01c423ad952c9760b7ab

SHA256
421ed232b6f8dfc1bd4ffabc955616cbd06e302ffebc95909696e8f49d9a7dc7

SHA512
e90f1ad39f9ab87513ae130269fdbed3ad089541fcc15c185535c7218804fc1723f77280b4218750836c87b4e4e719714a99cfb4ecff064cee2116aa1979af7c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
7a860a98b788897e8f5b4a6f5227f017

SHA1
480b27562e080c8fad96b071ecb4790091558dce

SHA256
b94c20f60e863dc91bb19769081788ad90705bee01a36c168ba96b7a4970871f

SHA512
54cc7b25f89f63d1012162f2816276333d8a97f556c65abe6833e2345b78c5bf950ef8dd0e0f8044f24fdb9e368f4df941654a6088538e2b7032a781316e9e35

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
2e86f5242b5c731a61b3a3887eaa8d0b

SHA1
ba5df519819269f27d9744995253d2bf948bc5fa

SHA256
60b985afdfc1699db8fe976dcd311a5ddf3a064c9aa94dec677f9268317e0a5c

SHA512
17d22df13725ebe90fff29c903f2b10222069bedad7d8bf8e6812489f93d6bdc25ac73ece4798730244288854ee6ee8d3a783dfacdc74e797cede7ef0313f8b5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
87e31ea41b89f38bf51a04c78d316daa

SHA1
4e2d7bcbdefc0c94a678ec7d2b799be13902c7a6

SHA256
8547e16988cc27c36ecf3d78f24962f204fc88457f4b21712d965193addb4ea7

SHA512
e16e0841914586c69f7b86cb656f0a6161d5d21761a3febd323f4d0e3f707a65ca326a41da437d9b0a9dbbccc4ff4c5d210d8e47e8ed2276b6d98812d246a919

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
f6cb34d75954dd6ff7972bfeabde9866

SHA1
15e9fdd36ba91202666a5b76e0ec3decdc6b534c

SHA256
2928724fec0df0764fc504a6ec0ad523f8259d6f291655d0b4c0db704d1e8d88

SHA512
284b6d3639316d7386c8ec661fd61e14a0e35199bac8fa720ebc39e22ec28e676c3853eba5686bec3e0f24599bcf3544c78a52bb147b23564dd6b211e4f4f8fc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
3b23bb7fc5145e5481cc40f4babdff3a

SHA1
fdde4cc8e144bd08b7a7ebede0f3b7134516b3ab

SHA256
958bda1c8e8bd9161ed6ecef9756350777e0ae552f791d8b7c34430af24afbc0

SHA512
74e09da5a3cf1f506912909da4d867210839d2e84060e1335cae0a7b84d310d8531cc9ad71c4800641aef4e6d82016b4ef36f01687fd11522c61538b02f8a6c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
23a57055b4a95b01cc8bbbcb38f5babc

SHA1
2e8bd3262926b341ab78fffca37376f1ef3136f7

SHA256
50d8ed2c20b15432b3a385d4b29708de7a39f56a0782d9bb68f851c4324fdb9e

SHA512
b7d660532fa9d3a7423024201a33274268ad9274b5f5215d49ff2855d3326fa8caaf982177dd980cae4f9d702cd21cfecd4f265fcaea9fb5e1a0988183bb3d9e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
0684ce63cf2af07c2e08035aaa462d2e

SHA1
bc7a694a8c12c6b1f35193d12c700bf4f3c40c9d

SHA256
df5a4d31376e35b5a9bb6a7118a4b1d30c76f59695672dd8caba70e72a00793b

SHA512
ca21e8b933402afa23378c001a7431a2347d8a9b7aff2ac2cd5ad86e563bc49ea73cc4f11c6cc2739f4d904df46543d5e09706b8875bae326f84f7db816e4b06

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
92b3fb86e4b02a9add143e1ef0eadbcd

SHA1
2c2634102fd806407ded4771fba4e48fb8ee03cb

SHA256
fdd1b985be2fd7c40c5ac8db31ea05714c922ca46d747d8d32e6a2a69dd6154c

SHA512
4088371293286ca90ba96abbefd108b43c3ce0bcffe74cb2b3c5ce5b8d894bce7efb17c2b319edcb052bd65b4463894d26b67a17ece95f34948adbf5699a6e96

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
c96646cd5a8564889be00ca4ab129e39

SHA1
6454cf1e9910aaec255ee4c34e0dc11116dfed38

SHA256
3ca996c8c9a75b6e0c6328025eb525b3010368f5255f4fd0353cd8d46a5a0de8

SHA512
bb81b9acb03dbce9fa96f7b15d16a839f681a15c23d446903f5099412c2f8dc5627e512ec9470533e5856e5faa1dd885992b20a6909e0d341764224794e07a38

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
43ac2c9982a3b1a06f634d28d8c185d6

SHA1
8b54037665172825157396272b3d60d14ef8b565

SHA256
98eec30a5e36112bd64748882e9cbf252943c4b13b44fbdd1ac99d052d9b552a

SHA512
a0f233945f500690eb633059c8ac0ce1f1522d5fbdb7369e4b8211911e49239c7a63b8481355d5a12a73e49104d9b891ac4ba5c1af85f55b598c4c40d6511521

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
87e514549340369bf0d585fd6fff3084

SHA1
6c317b973b2a215d426d45bd0a652f33996ed79c

SHA256
ffc80ab4317e9df37358749507bf9a006f6613e3a3dd32b9d04f8889dafd6262

SHA512
1f39799f2ce8a0f66f1a2ddcaa6b472e00a8a968b01433ba49630445da765a4ee245f6de0e0b3eeddf94fd6ff5c9f9776db36784e69465bb425d1a7e5b7d56bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab95CC.tmp
Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar95CD.tmp
Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit