803a833b65426f5744db139796d7a2767b3ccea64a235f1fac4f13bfd85be8b0

Analysis

max time kernel
149s
max time network
150s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 01:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6593f47e63fbfba5adf71dbe6fa4464e_JaffaCakes118.html
Size

19KB
MD5

6593f47e63fbfba5adf71dbe6fa4464e
SHA1

97cc889193a361717400b0049f1b17f2fd2bd01d
SHA256

803a833b65426f5744db139796d7a2767b3ccea64a235f1fac4f13bfd85be8b0
SHA512

5d63dfd384391998bcf432057c28383122a0d3612266f8308d33ae8fabc4e14bfc93d54dd08528ed66c987f4301b68ebdb223e2bef5022b2bcc7e1d05b773974
SSDEEP

192:SIM3t0I5fo9cOQivXQWxZxdkVSoAId4PzUnjBhpj82qDB8:SIMd0I5nO9HJsvpYxDB8

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4E824C21-17DD-11EF-9DC0-D20227E6D795} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422504342"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

2676 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2676 iexplore.exe
2676 iexplore.exe
2380 IEXPLORE.EXE
2380 IEXPLORE.EXE
2380 IEXPLORE.EXE
2380 IEXPLORE.EXE

pid	process
2676	iexplore.exe

pid	process
2676	iexplore.exe
2676	iexplore.exe
2380	IEXPLORE.EXE
2380	IEXPLORE.EXE
2380	IEXPLORE.EXE
2380	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 2676 wrote to memory of 2380	2676	iexplore.exe	IEXPLORE.EXE
PID 2676 wrote to memory of 2380	2676	iexplore.exe	IEXPLORE.EXE
PID 2676 wrote to memory of 2380	2676	iexplore.exe	IEXPLORE.EXE
PID 2676 wrote to memory of 2380	2676	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6593f47e63fbfba5adf71dbe6fa4464e_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2676

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2676 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2380

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
968a96a57a096a8ae29377e5d1101711

SHA1
7dd945580d6f25541bef0f2c3994b9208065c475

SHA256
c86a427620422a2b7aae179862333d372dfa79371378aa2b263919a7352f0ed5

SHA512
0a5cfe69aeab6d108efb1241dd04fbf29fac190101547861a7593d9af86539ed818795195cc23dec549478841533a8f963ce451b38f065c50b95265e24f102f8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
8eec0d084a270c66354c6fbeb3d0a37c

SHA1
730a30a8b329e18bea790158689b6093fac13d4f

SHA256
09c88868972afec63065782ae3d7c5c646d80e4a599fd0c3cefeaf5054c0b46c

SHA512
666fedb8f687edf8c61225f2e9a14ae700af8da31853375c05caa7cc36906735c46d3144a7e62b1a41933e803a0799b556770f2cb796a9035a760a37ad15cfcd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
dbb92a371d3e37e70c232b1f2bb44875

SHA1
b7f1e6058f08f743e38110612013d85ff1b5a603

SHA256
0268739d7aa36a459ea82b32929a0c6e9ec7bca310f7634c11cce79e6fc1d3ad

SHA512
ac6b817116eaaf7a2bac3a0264a97c1094530671dbce70784dd75c1a7c56f3b34668dcecb7dd7c1cb7b065346e3f46b1ce979f910f77da5d39ad8ca74dcc3a46

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
c7b479ef6474b4042f05f3180c56246c

SHA1
ca63739dc96657e7c42a5965544396dfa2df9ba3

SHA256
19ee546ac5950abe193b1a53f01f0cac0cb548f528c5215df4994f1f4d6417af

SHA512
038a864a32a21bb63353d63c58c7a69a515668abcfefa82754e472c09b110a2285894b42e640b4ac2614f020fcaa6f954ceb623d5a01b67f4d99b567230fdecc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
d724fad5aa615db8878e1948b0e45a12

SHA1
768e302334a95479b51b6cf979060866bef832e5

SHA256
1db495202a95e9706717e2b14a7208255a1ff7dfb7d32bfd828f5a5cd0839fcd

SHA512
3c335e7d6b95204300213722d6ac5354f6b403cef94478f183e2434edd922d3b9e2ec91b0cf2d8996ae31f585e5514f0194b4875cecb95389f5aa7421db80729

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
a1687a0b1171bfdb1a11222114da9fac

SHA1
bd3b51255964ea1147562e84ee7ae6ddb7743e7b

SHA256
c1dbf1748dd3394496e6173f52696e100dd074f02217e2623a835a0de593eff1

SHA512
409622c88fd4cee1669bac60963c852d754bc1e868618bd291d9f5060a1747338596e37b7ad790cd0aa40095d9d81552decdf348009e0405c1d0d27445559110

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
93c971e1bee95d72f28da6550189e71a

SHA1
215d959eb46f33923cd18228bc548201ce4343f3

SHA256
8ed575da6dfc7c6abd1ff5138071705641abc1f57207eb59638e9c810c2e2265

SHA512
bdf2d24660a169a894b325a4f95f47631baaedb770bdf994d699a7e840c3d06c1172a1bfa78ba7a83c76e1be12e295dc5443c5102391d3956c193d260bc9d870

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
59f2aad88396395e5a4de79ec3cd293c

SHA1
1edf77ad617bba6b7ee1ba28a7dabf2fd92997ce

SHA256
a9a9a00eb174ac4d1266b12bf21109636195abeb1e9c202e261530b1e94eecab

SHA512
a8916b71449f062c76f64557b35d49735fca6d791ff34e79d3b574b59dadf59ed5fa466eea2fb691e23def79ec471d31eff0dfa00cc0d029ecf955df0032f3f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab30A4.tmp
Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab3170.tmp
Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3185.tmp
Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit