b1bd7651cb6ae9870456f9149e12ca3e32cf1c27f12569057001071f80be996e

Analysis

max time kernel
133s
max time network
144s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 00:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6567db68cb02f6e42939fa53c574ed40_JaffaCakes118.html
Size

18KB
MD5

6567db68cb02f6e42939fa53c574ed40
SHA1

41e4add12ad5dbee436981b0be5a99df2339c60d
SHA256

b1bd7651cb6ae9870456f9149e12ca3e32cf1c27f12569057001071f80be996e
SHA512

1f2d15811970e5ae713ce94f65a82b6e953ab17bfeda7b2df0903db403e6b8f27b34d2c49873ee9aeb1742ff4d2b59324af0efc4389d2af89d71f4236c0b3133
SSDEEP

192:SIM3t0I5fo9cOQivXQWxZxdkVSoAI446zUnjBh2Y82qDB8:SIMd0I5nO9Hfsv2rxDB8

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{EB5D61F1-17D4-11EF-A6D5-5A791E92BC44} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422500742"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2264	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2264	iexplore.exe
2264	iexplore.exe
2040	IEXPLORE.EXE
2040	IEXPLORE.EXE
2040	IEXPLORE.EXE
2040	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2264 wrote to memory of 2040	2264	iexplore.exe	28
PID 2264 wrote to memory of 2040	2264	iexplore.exe	28
PID 2264 wrote to memory of 2040	2264	iexplore.exe	28
PID 2264 wrote to memory of 2040	2264	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6567db68cb02f6e42939fa53c574ed40_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2264
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2264 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2040

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
67d7ce057eea2ab121347b7adaf2baa1

SHA1
b86f81a3474131894daca005b3e06d71f1155c36

SHA256
a10529ebbfc36b4e416d3dc032c86100d988a1e4ad0e740acc0dcd20f1ec12c0

SHA512
8301ede146bebf7f2f9e8bce32c3206612f7f510918b0211db2048fec7caa88ff940e7184e4d45ca3e1b3f537d58c9edfe44781d5cb692c832623a1a7275abc7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c7ad151bf9ac552eaefb3d51f57d0c96

SHA1
d8a5c0c03bd9a18f3784815b2cdc5279c1795e65

SHA256
6af337288e352bec67085d32b0472e8de262ddad2318f409cb3baa871bc1b939

SHA512
122abd0cf6f8c0ac3a84f60e1c2d5f8b700b5f20e66c857b06351c3908694125b9c519d271b9944488c8b4f8fb294c9bb5dc0fc7c61a497722e9af507bbb3824

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e9f574457e23bbc6ef45edd7336a45c3

SHA1
13ecccf37e4e58bfd6e574f7be93b0f7db9d7d23

SHA256
f8d85ff14026c310e7b39f5ff53cf72e5b230d2aa2005e1d2fedd25b6707377c

SHA512
aea60ab48b47a1197107db98c4b5da13e50ef4ecbe81c804d4b6e34c9a2dffac090e30a88c114ff39c469abc9f000ac2d40e95b8ac024a56129d2bdfea4096c7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0082df05f55d8725287ea56057483715

SHA1
58f68c6b8241c20df78b51e8d3c439c005e0e911

SHA256
96fcbb492588ea794f46b28e638adc147463e41bc7859124d6127c77786999b4

SHA512
c499ea80a46b8365eb8078859ad7f2653fce7379d8d89c384f3fff197e9ba07b026a300fdad5e1e9f3421780fe426c1625a33366acdbadaecb7bcbb6e5cdc465

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bdbea47e774acd13dbaf5eb17ed98c45

SHA1
0315ce97906a27f1a7879b67d6ec3853a75f888e

SHA256
06418a43fbe920b9269ab2d60daf929e67e459b543426c5099afc50eab871ba2

SHA512
69ae8b37b3b5fa273fa30afb043bf302cf286dacb39c380a98473292826f10dd133d628ad0d9d03ba487fd916ac411829b9b4c37b229c12db3685a3db8507317

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a8599824a41d951802f6ad7cde6db7ea

SHA1
9d69822d2542bf8a572e2a10b3d299701af7da7f

SHA256
ab0ec4e4c5e661b261fa03e62ed5ed4ce634cacefb631428645f0e2d6d5ce7f7

SHA512
8e33ce3e7eba15f2c75730b838ce6a14d474639fc975bd8537e439ef6bfd43ecc232da66e94f715384261ce5b727e3186d11c42e1987a8d630c8cee8664aeb58

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ba5631a9eb06337098cf05a1ac304788

SHA1
e1f164228067a300477b276eb5a4b61622ba4069

SHA256
04fd2ccf9edc6d66ac9d5dffb9ffd8cc13754baba485af0c880b9ff7c6c8f1b8

SHA512
a7f313e81f4465daf150b58171fd86b9ff8ebcdeeedbfc373c9f2453fbb8aa83f3de65d4a44084bda9d735fd6d1ed63985b25ab7b22970977e7ce71013df9776

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0c43ed0170385e5cac7b98cc822b43da

SHA1
3d44697564873ebafd4a38a492824e393651ea6d

SHA256
d32ccb9c582b944b39fc157c11103c3cc73f0a205d01baa44e77bfe50ed0d27b

SHA512
e155da4cd9c58467efdaf22298b9401302d09f1043c02c1c4e04b16337d4d61c7d30068d1fd5e3c560594043f41ae3fd9134aea03953bf60b1bbc5ca5d2d87de

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
89d30e3b32d2aeb13c2f2e24a7599794

SHA1
03fec4947f45e3d371df7b4672fab9e6df60aa8d

SHA256
c9b253366a9525cd33a3e7280bbe3e841eae576dec145854bb611103c007ee5d

SHA512
e3e6741bc266c5a5c39756cc3eff64e58513ea5771af9aa9b2d56c40ac0e8a20ca89a02f3e9d39963babe7911453e035d214d87b5d441ea11ff841e895ccadf3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cd0a89e9840eb8b71ca15290b754dd83

SHA1
25d43614217ae7ed732ace692fb5729a4e105abe

SHA256
3b56df6953079a87576dde0ad8d799f31a9741b0e283a734529f3eed66dccfdf

SHA512
db5f5b0915caf46067377b81c44e360b36e451147d17be812ca0970595003d60a4b046f477261b2e2573e3aa7df241579710c207b9defdba31bb0a0ad77339f7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c0f937cbdc351035afdc93081c1127af

SHA1
458361c5fc70cc3685743db8a194fc1aab86c3c8

SHA256
08d64408cc1224fd824a9ef775970c0b96a085fa933d7b026777e8e6a911ec18

SHA512
ffa9ecfef17d6137a1ab1af993d26864b4204f775251d34e8f57cdb8b48685465dd6f16811363efdf96275a3079ff94dd50b134a854f1a62aca4a47fa83fc326

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabA8CD.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarAAE8.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit