c337c1f9b91e4eb7a074d681ec12831688495a7c55ddb5e9865788890b758a9e

Analysis

max time kernel
149s
max time network
149s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 01:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

658bcd2bffdf623ae9dfb711e4cbe159_JaffaCakes118.html
Size

142KB
MD5

658bcd2bffdf623ae9dfb711e4cbe159
SHA1

ab2357dd4a7b93205f53a5065481940b7bba9c89
SHA256

c337c1f9b91e4eb7a074d681ec12831688495a7c55ddb5e9865788890b758a9e
SHA512

2750b9c7b80e5f7e1d117c62cfea7f984d95e218b9243c7970a46cd8190e37f975afb3a01fcd5867b0e064abdf3bd6b8f01e54a5d8d0f04a66eb1179fd05921f
SSDEEP

1536:zUZydlEbbA99YZHqRHHEExx66++IIddtt77bbSSSSccllbbFFDD998811qquuHHf:z3dlEbbA99YCV

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C344A821-17DB-11EF-88AC-F2AB90EC9A26} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422503678"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

1008 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

1008 iexplore.exe
1008 iexplore.exe
3000 IEXPLORE.EXE
3000 IEXPLORE.EXE
3000 IEXPLORE.EXE
3000 IEXPLORE.EXE

pid	process
1008	iexplore.exe

pid	process
1008	iexplore.exe
1008	iexplore.exe
3000	IEXPLORE.EXE
3000	IEXPLORE.EXE
3000	IEXPLORE.EXE
3000	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 1008 wrote to memory of 3000	1008	iexplore.exe	IEXPLORE.EXE
PID 1008 wrote to memory of 3000	1008	iexplore.exe	IEXPLORE.EXE
PID 1008 wrote to memory of 3000	1008	iexplore.exe	IEXPLORE.EXE
PID 1008 wrote to memory of 3000	1008	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\658bcd2bffdf623ae9dfb711e4cbe159_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1008

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1008 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:3000

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7a6d5bd8c6113cddcd2497845f03d0fd

SHA1
8dbc721ae0d70bcf96198f6fc17ed4da0e6fc962

SHA256
db840745ebe6dc05a9e03a0aecc12a11bd701c500168dd60eacae8f627228408

SHA512
c1dcff2a49d6a9e50e1c018198b39bcd0417bfe03d5c0e28439bf20dd3af98a901b4574364c85ac4702e9e15444bd2e611a2b2e09dc0476314baca3a6ed4debb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5fe7f02114ebd1d465ff1172f69527a0

SHA1
dd4ff30f58ef43f18980058fc644f63744a58234

SHA256
946c075d877c6c2c649de5164ef70c4af0d1859063a14a26e62e10bd8614a7e2

SHA512
4d5f95f2eabdfdf90c7ac7e7542293b68536910d517458a25137bb8c10b83a70af040ad6d3bbd6da3c641ce38ec2343617b0d655bb67561766f5327706cc57ea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d5cdbe8821a75b02193ecab7cff289e9

SHA1
cb4a2d9c68aaba45b90102cc38b7c85a4f2a37cc

SHA256
7023af9ba2005a31c57157a0025891daa7cfaa89f3e219eabe87bed160a99782

SHA512
5a274e216f8bf6bac91c01ab636d18b266774b014485312c61ba16cdfa329f25a0d4a3b24bb8e82a0278523af58a333e9e035bd6de6de457d958b2bd7cb2336f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f13034bdb5c31d93cc502052245a02f0

SHA1
a917ce53223ced1d68106933b07fa053c2e31ca3

SHA256
5d2be0d94f37ffae5b4557afa3be91ee0d8f2891e540d75d806afd2af175e9ca

SHA512
6c368d3bd0c600eadee6951ed5be93bfe87eba1012308d5c2732e3ba9a8db320f3ea172e0c0a08d2fc0b8d70ed463b4d5e4d201780453dbeb674ca65c9fe8bcf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b65ef0cb40673e4ab550ee30ba4a0371

SHA1
a172e30e547aaa5018f4d04b3b37ff21f39c5a0d

SHA256
c0a43c7629ea9f5ad8192348fd71ee29bf5cc005c90b4615f73f1391f5d3202a

SHA512
b461ad4273b1914471371fdf9bf5640e552de433febffcd181d1d2317f1bef657c00ccdc2f853aed72d2fd93d955480674d8f902178b54f25207322f51823cbc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c3ae263dd8018e8bfe9d5e94e86a625d

SHA1
37b34a4823de27f1ffe482747af4cf029930663a

SHA256
e75babb21bb1a382087af9534362d0c61f05b3c0122bbddf4167632e6e37aa13

SHA512
86f75b58590cfab11791d4bf4501bccf9c9f840d5e3e4559d758b7b0c863b9354f667a2209bc68f9893af6604f5cf868a25405b6673212966f101f2b58bc6bce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0203338704b93bd2594e576944e27ae9

SHA1
8a0467bae919eae963c243cc6004138aeb0ca326

SHA256
6f0312677d8bddd95731008eee3286d1a7d8fc71da3e25f54f52e81a7fa63f0c

SHA512
0c3cb57ec063a0cc4f88b507ca835e70284f46526d3b9effc3900bbde78f55dbcf588e0c0f28d5f33c81faa809bb9197b1cc674751fce1aec9ced228e6481f37

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0f2de0d14e8ab3e355327c7bcf0306c9

SHA1
8afe8e4eaace985b58a0d99925977691689b53df

SHA256
31ff50e6df6d88ddfd30adee3d6ab9cba84f71a10bd173c16ee3f5f4701e4574

SHA512
ad7fabedb1578654813f5dd74432c1f48d607d9155d4a10dd5f9a7ff76ddd1c99bab9ceb25c052fa3233d2923b610d8a92e8b55d90511ff1b5f4a825416a7009

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b884d9f202d5cdcdb7f18f02f39e7f3b

SHA1
d0ef75e0e149e3ed1df2b4286033c936c06ae148

SHA256
429c01fe13cd9770fc825006e05a9280f2bc0a55c01e52ca87364fd0b8741bfb

SHA512
be8acaeb625d1c08d35691a15de0ae7b6928e714ef0e6e48d08b67d402d9d559a2463112a6ef3152caeeba0149e803ab0406f73a41b1f8a4ace49bf06dd78204

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab540.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar591.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit