d966a91457c9fedc95bbc46c1add37ec50039f24efbb19781b2e904d92cf5e10

Analysis

max time kernel
148s
max time network
149s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 01:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

657c1eb8179e351b0354dd24026cb372_JaffaCakes118.html
Size

126KB
MD5

657c1eb8179e351b0354dd24026cb372
SHA1

ad7f032cd4af36801f375602fca0f51e4fdf76cb
SHA256

d966a91457c9fedc95bbc46c1add37ec50039f24efbb19781b2e904d92cf5e10
SHA512

9ebcb09b2708b8b4f8a5e765461fc73d624c231ff2472c6318b586c2459a06b103fb0e101304a0801cad2c6037d9d05148e87908c037cbe3cc33d54634452d6a
SSDEEP

1536:SWr+BoA/yLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBTOy+:SWr+BbyfkMY+BES09JXAnyrZalI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C5F233B1-17D8-11EF-9A0E-5A3343F4B92A} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422502394"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

3000 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

3000 iexplore.exe
3000 iexplore.exe
2144 IEXPLORE.EXE
2144 IEXPLORE.EXE
2144 IEXPLORE.EXE
2144 IEXPLORE.EXE

pid	process
3000	iexplore.exe

pid	process
3000	iexplore.exe
3000	iexplore.exe
2144	IEXPLORE.EXE
2144	IEXPLORE.EXE
2144	IEXPLORE.EXE
2144	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 3000 wrote to memory of 2144	3000	iexplore.exe	IEXPLORE.EXE
PID 3000 wrote to memory of 2144	3000	iexplore.exe	IEXPLORE.EXE
PID 3000 wrote to memory of 2144	3000	iexplore.exe	IEXPLORE.EXE
PID 3000 wrote to memory of 2144	3000	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\657c1eb8179e351b0354dd24026cb372_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3000

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3000 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2144

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
abb999ec7350a949f9c6e8e18272d97c

SHA1
6f50252d95f07c98ea13c5d93add0d82376c853d

SHA256
5df8bcb936b4c8b2483c176118e338f9d88c6daed0281a929008b3237ec9a231

SHA512
facba671c8d41dd66fdb1babe464edfaa41965c4c7dc009a05b43f0fea93f6084dd3c742f8b8b94567cc2fa24a482c16638ea441153a1c5c5955a65b2ebf92f7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f2f99c1cdd358fe79bc05d3c28cbe2eb

SHA1
dfe01f9da7b6fc6b495cce896e7402d06681554a

SHA256
210d686d3f41433a8f89e3117b55f038a41a0d234e93f51f87076500e35736ce

SHA512
5ef433c8846e774f2416b5cfcbe6092e5d22dcba167f1ea746615363a21740fbe01dc04fcb9781204d244439080dacc231d854fd5d7cf1b8353bc5d1d54487f8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5d45cd5d601a2f43b0af0408367b4508

SHA1
5fa0c5a33d604a83c569064702b549dddf04e92f

SHA256
4ea94b59b8de9abd50443844a7c117a6a4f8514d91259b295eda58d833ba06f8

SHA512
602e3d992c63c88d014ea18d02bd4e0584125ca7fb0b7ba09950f45617139a632ddbaf15406677f36a26248a1987291a7861adaa8c74e746514dc145894ac727

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5f59abe23e91ba42bd0adbb3fa28de1b

SHA1
bf773f27ce530eb0fb2388f73d6f38d2b75baa14

SHA256
d9114894d80ee7e51945fb9d93107bac1ae6611df1211fb53c78e5a66a24124d

SHA512
ddb35528be3ec03803453599c46ebd5b31267fa7b2a401d140b0535d012afb06f6db75a079ec48b4cb89e60bfa342dc20a779f71abba2419fc11f25d1368c38d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9ff6fd27f337ec8372c49fd1502d1268

SHA1
c7d609e61276aed0ae560690ca130e1991c34df6

SHA256
ad5a3ec1f418508274202948749ff691bcc5d642943338efe9aa14cb0f0623a2

SHA512
65a1d859e34abbea3f796fd1fe30ce4584aa75fe6338ab517bdb4bf2e1d2a4beeac8b7d4fdb7ac7934ab8d6283507d468c4f7bb8bc266fc7744728cc0ba1fcd3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
738e4d6ffc5e522532a62f87220ce938

SHA1
f9d5ad1ad96b5b98bd1d18aa590059a0c6b8da75

SHA256
19964a51250e97304649eaa8cf6fcee99081521435d40160b3c3a87acb23c612

SHA512
d2a676036dc8794eaab8bc5d124bf86f8cdbfe1a7a42e45d4403e29c1062584f48e7b31b79bef339c9319d87329edc0cdeb8cb17e8ca38a0ed304a85cd67229c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7aaef9b73a62699d100be6858016da30

SHA1
4a66b6804a3d14fe8279d1fedec89b5edeb23428

SHA256
f5174e1eae251237529823f953520248b10392d9a4ed995b4715c9d86066b136

SHA512
dec7aefa8257e31defee57cdcbd351b18a4f45dacc6da49b196022fdebb5dda0712916e35d31f15bb247e200f632703deb50d45ba750f7742456e94cf268e667

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bf1583bb81882b54f7ea4fc3d315f533

SHA1
0627ea75939e8e53139fd8ea08e7c71ec60a8d2f

SHA256
8482052818df0cdcd7e01b98d083f6af8b9f654fd5b814cef0245f754c6de4e3

SHA512
175b785a1aa70e3c3b66bc8b6733b0dbdc34f0c1d182602e633d3c26428ab3e3d8b48ec97c791672e87773ce806e056b6cabc84d10408f202a5d3b97f6b54b71

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3a2b0aaeef1358292e32a4644d0a4443

SHA1
a7eb07152323bbbb44889bc4d1dc466ad1f8865d

SHA256
0ccd0dbdbdf88ecd6cf484f81d848c502c9ce5291facf62060225f86d9cfa789

SHA512
29aaf8959a98c918395b53b87208e17621cf800552bd9748773d6fef67afa2ac74ffbf6103270d809529e83eab20b3bbcdeabecfee4a3ce8e0c77159341fdefe

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab6B7.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar717.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit