8ee073e9b135b15e0bf9ecc5d93f3e4adc7b9ccfdeaa6a4ffe2e762ca204cf47

Analysis

max time kernel
149s
max time network
151s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 03:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

65e6432e9173f0027a4b8260e87dc51f_JaffaCakes118.html
Size

29KB
MD5

65e6432e9173f0027a4b8260e87dc51f
SHA1

dabf90104444dc7512456e8d39e5ed0ea42e0175
SHA256

8ee073e9b135b15e0bf9ecc5d93f3e4adc7b9ccfdeaa6a4ffe2e762ca204cf47
SHA512

d1fa57f0c7cdab3d8d9f9c6abe4e6368ee38c9501910c63115a72e2d7a583ba96ab855d9207f6411751f0b409ff8a430a0fcd9474bce07014b8aac31eaa67391
SSDEEP

384:KNanqbn8mQ0Xw9h1QD89HDL5ZM3bLWusbzTyYZ3/RKWgRE0Rx/6yRS:Pqbn8mQ0XwVQDojMPWbyYiWh/5

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0F9ED711-17EE-11EF-A0EE-F2EF6E19F123} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422511538"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

2876 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2876 iexplore.exe
2876 iexplore.exe
2904 IEXPLORE.EXE
2904 IEXPLORE.EXE
2904 IEXPLORE.EXE
2904 IEXPLORE.EXE

pid	process
2876	iexplore.exe

pid	process
2876	iexplore.exe
2876	iexplore.exe
2904	IEXPLORE.EXE
2904	IEXPLORE.EXE
2904	IEXPLORE.EXE
2904	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 2876 wrote to memory of 2904	2876	iexplore.exe	IEXPLORE.EXE
PID 2876 wrote to memory of 2904	2876	iexplore.exe	IEXPLORE.EXE
PID 2876 wrote to memory of 2904	2876	iexplore.exe	IEXPLORE.EXE
PID 2876 wrote to memory of 2904	2876	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\65e6432e9173f0027a4b8260e87dc51f_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2876

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2876 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2904

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
62c28b57c1bf7bf61a912fdb2a7b1085

SHA1
7921e81aa07465ad9415bd393b10a17fbce16795

SHA256
48f028b35d2467d09d7b875fe98d678340eac7104f9ef4b7cb7a3bee7038055d

SHA512
297db3dae887929993a60137397c3d9c526e29d372c8830f8f872a88c72a28936691cb3a892fa1a2cbdf2903a4676339a10d6458ed2f1d4946ce9e9ad3e52cc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
720b0f7b6fec04c5f04e8d8c4d3274c1

SHA1
a597759b4f44c5aa0bee936f3239911523f6e06c

SHA256
6f8b1cfd17507ff624b79ebbd03543aa5d34990a0d9b1584a05f80dee90d8f4c

SHA512
eb441357c9cd90dcc56d95b0a571a22d9b23c610bd6d9b2684782547ebbae5e45b939e9bc31fa57bebed7d5df15bd9fc9dff167dfe39634dd2586eb7cbe419aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f2adffe4b0371e40b496335866ce59d7

SHA1
694f22b7b821f930b363b07ab69dc76dd1a0abf1

SHA256
19e6b3ce5d0b85e5d69a2cf2522935a3023ed2a3906c2580d5b416ba0c8511f7

SHA512
2104e1ad95cc9a63b53890acb96615e11da15d61bf125ad7ad97572fd500c0a314898e60391d68740281258c9cfd4ca5ba1829fce6424b8a3d70ba9a4aa2b1e9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4c97c0a87aeabd7925b0ce36331bd1fb

SHA1
cf16f6827464b5321fad14be6d88a785f1f5a5f4

SHA256
168d63010821287217f663f59e16502d4f043a9b1b36eaa7ae650244f2012ad7

SHA512
27d87413eebb984d6ca2d943033129446c5364afe6456ed79513d8907bfce9070ace29aa5d6939af36e5c8a8f9bcc107a0899f89cfb6905cecbb4f1644c8d4c5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
db7ec5679b0eb454c1dc5db8ef3332ef

SHA1
068f37445413c7837d29c602fcb8f5d8e86c09b0

SHA256
f1cc53d31e167985bd1126a3a74f8910fccfb4f1537bf2babfd5a6036ecd6886

SHA512
a8f09de1e565a85ecac7bfe3d9e3bb643d1bad85374a8f4c538b63ea386b3994f10e6e77f244a291ec84dec3843cdbf41226f304759c20f96d84a6d992a6f318

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
72b5d519756a55b8b2b73a34339ca735

SHA1
a6502e8899fc4a34c502b2995b3ba4681652e3e0

SHA256
504bc4a4568b1a46964195d49046e49c46ccda42564fd126539ad8fc9df1741f

SHA512
52cc4f0d4ba54947d1699e2c02996b123f72b3e0030fa160de66e165cb7b529a7015a96c24ce688b79fe5699e50d2a90aa34a363978d8293aeca790593cc0765

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bf6ddc4580368da3b74c0062a1d5b1a6

SHA1
e569e8d062e3386f274c81cf0b893aa2ca1d57fb

SHA256
f7edf1389e1f851bbc87f8ae8b18901f169a6e042f9816fc22f7134368f44bdf

SHA512
b525b0706e6929f830a956c67d71325b7d3af65435b906d7aa11adb868afc17c85a796a51e8202404e11a9a5ccea6d9af2f7010d8203a8349396a8c6a74679d4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
919e3464c4b5e946312a2f98b7a94223

SHA1
a5b39fc147e6e7b60d5bc59382163ce883146ee2

SHA256
968f16b00c7c233f0176d37278533d1077e9c6296cbfca24ba01a00ceb0989f9

SHA512
f513837066e33132d65383ac5f2dfcaf04bd4d5f3a7a4f31be92c586e2a871097e8c06f0445d2f787d35400d71e138248a873f32df1fcebed0a1cf3747788681

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d4972cee031742f9d09d9425e29c0fb8

SHA1
a68408aa4420d76ddf1cae3a9fc57615aebddc5d

SHA256
0542ccc83bb498f53978890567cf5895e89400f0034bf7e112ccddc8795d439e

SHA512
d59333ea0d842782fbea02164c05cc08f4011d5c94a0e9370be1a6402db919d6dca07ff048806e86329236c8f941b2c467c65306c484c7a8f79c98c21a10fe90

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabFDA2.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarFE93.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit