028d3cb64f0d52a3415aa70e5c8dc2acbe79bd7a5f84bd3ec8906df93ec60ae9

Analysis

max time kernel
140s
max time network
141s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 01:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6582fdc0a6f6d8b917c9f65b07fd86dd_JaffaCakes118.html
Size

2KB
MD5

6582fdc0a6f6d8b917c9f65b07fd86dd
SHA1

cf75958671c529489109088cdd26b7997e51f561
SHA256

028d3cb64f0d52a3415aa70e5c8dc2acbe79bd7a5f84bd3ec8906df93ec60ae9
SHA512

f8d60fa3e01c3b6fd70f7d2f40b66886d8dc9a91021bf119208a31c07c6977e1659e183d1d070b1d4371b4474ae4050ea4310731f5bc9145542fcf8c96098abf

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422502881"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E838DEF1-17D9-11EF-99F9-4E559C6B32B6} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

2232 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2232 iexplore.exe
2232 iexplore.exe
2988 IEXPLORE.EXE
2988 IEXPLORE.EXE
2988 IEXPLORE.EXE
2988 IEXPLORE.EXE

pid	process
2232	iexplore.exe

pid	process
2232	iexplore.exe
2232	iexplore.exe
2988	IEXPLORE.EXE
2988	IEXPLORE.EXE
2988	IEXPLORE.EXE
2988	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 2232 wrote to memory of 2988	2232	iexplore.exe	IEXPLORE.EXE
PID 2232 wrote to memory of 2988	2232	iexplore.exe	IEXPLORE.EXE
PID 2232 wrote to memory of 2988	2232	iexplore.exe	IEXPLORE.EXE
PID 2232 wrote to memory of 2988	2232	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6582fdc0a6f6d8b917c9f65b07fd86dd_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2232

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2232 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2988

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1d98a10246eafda4f3c9ae813a08429d

SHA1
bdeec0972a4ff4c66148cc1b7fa1ecf7790caaf9

SHA256
e21cd3da03cddcbea16a5b3d8bd7034904d5ffcc9b69a0f5e8f58782f2cab0ab

SHA512
26539167e79296549f9171d7c237fbe0accb03d09a8c3aca84d141200060fe43d518534bbdf7e09f6337689ab3d71f32f4591d09023756f36ae233215f0e69d9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
807825690ccb7ffd982757b470edcf71

SHA1
3cd7c9bdbd5e93ccd4d70c0040d42aad8e75e0a5

SHA256
37f84f58ba74530341748d77dec31ae91546530d61174a3d1cd2ce7d9e47d03b

SHA512
5696b0b62acc57fa3c1a651476bf08d2bde0597e902fe0dc1ec25a83fe35bfc816828a6936177908b83de31dfd3404d163fbdc7b1bebf384012e8aa042e2dc5d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e918e3c2e83c91c6a94728938dfcfdd1

SHA1
448a1725a868b6a8e8f3a9e9c2a71d3c0d24769f

SHA256
9f806fc82438acb69c12e2909a16c656f7d06e7a78d1e678090649addf7821eb

SHA512
3528f8f9e226da6c8bf2d5891122cd10bf101fe7780dd6c5f975f9dd32c55d7895d47ca42f2fef2db884a94a897b9d684a5aca42169b4943fb64a75f20589116

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ebc9a499b6f3b77408a2b7b2535a2bd4

SHA1
83adb46e4a8000dd7685c2496ee1994ee75e99aa

SHA256
9fc8dec86e6689c5a063623d52e6ffc2e4807405f26ee13a514b55989a5c935e

SHA512
4c5cc8c6e0ee2f57d1b31e22375405a15684fbeb474380d830cb8587db4db43b50e0ace07b8b3a0cffa68a31dc7541deb2fd81d1f6f6e1578e6782e806881290

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d8835aefc4083f4f6635a7c46fc93c98

SHA1
f29e97cfe2ff4b54d8eee9a8cde2328aea2cc92d

SHA256
dab5d396581770f581b31aea1e7425ce7f3bb39fe657757d62f8d174c9b6b880

SHA512
b8312d02b70685693f2855016319253a02085c46fef088e8d3cd19bd7aaf7c13ec9ab6514747f064a30905cbe47d3819dd508969479e21a2d80d6175dc437e75

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ef113ab5cb3a61d91f4b89b8d4b1bacc

SHA1
f070e305939bfda952556315f390105247dec963

SHA256
3195148164847b82f9a48d9bc2459567238a32220434525e5b78c0e1ced0d7a5

SHA512
d68ddde0d9874bfa4a9375ed27d4a9a0ffebc42d5ee9cc6dc0422eb23d6676de90fdb2cec3628147a1b532a9c9b1b862decf70b832788e917a4a2286043e5ff3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4b985a56806f68775dd75bf9e4a3d7e2

SHA1
aa58d614caf7f317883147619bc0cc60a3187ee2

SHA256
cc47a368717bb4483dec8f29fc1ae6e745d11b1e31a1f0abe3a832b7c2a39cc4

SHA512
26e76431ee34522ea6f0c804811fe3d86bb52df044be63a3f1b9d694eb920e993eb2c7b26c2d52b8909311c641528fe6626e8527745fa992deaab6d0858df47e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e34e1539c78878e0f29e26afbdb23adb

SHA1
dbc0f723b48b9c567ce11b48e75ca0523a7d612f

SHA256
31c6233280df0129f23ca26bc2628b6e51a2330e3f6ff6f52c7327321dee61a0

SHA512
58c91e46e312539d384ca2eedf4a45e538f98ffc5f567eadb31eac41f6623d6ff095416b62c66123c91a1c031407ae7816e5d309ff434345f3dcf7d767d16bd9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4dec6a5718deac447ea4c45d8b0c9323

SHA1
e4dc461c956fb7587834e209cae019555e4e224e

SHA256
f88574dd3e99dcf60bfdffadd95c990e668d9c398b5edf1f2f5831741056fe92

SHA512
69dd17419e768cc7b55422450887bbd8f2835c14129fa392a475b542e7dd7c1f411d9dc58257dc8d12720c02c68359dc6295b95886ae24446a9aa3f2f24bf97a

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabEC0.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarF32.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit