b6af1422e52ada25689cac5cc49ddc1ee84b622e34751c898cf132da8b90efce

Analysis

max time kernel
117s
max time network
128s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22/05/2024, 10:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

66fa8ee731ac395187939873eea9e3ad_JaffaCakes118.html
Size

39KB
MD5

66fa8ee731ac395187939873eea9e3ad
SHA1

c6f82474069c35ff2e0a4a9567ed2743de49c187
SHA256

b6af1422e52ada25689cac5cc49ddc1ee84b622e34751c898cf132da8b90efce
SHA512

dc2b8f76162f18eedad8ed234316762d9f17fb80e93646c94ce5a9f624eb02280fe747be9b1074d94f0fcd4f81683244e843510c8bd751b13fb3b6a9d3d9e1b6
SSDEEP

384:Wf7tDLc10/e22nzOO/GkbGh019TIIw3uR2M8v1J4Tb5bgZjpkNo+G3HL:Wm02RnCO/L/1GI/dBNoNXL

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000091f57c56f349a14e8f269e325e8786c000000000020000000000106600000001000020000000b19cbc61e98005dab49c3cd7bfac23ed1d3689796193ff439437b03f653a84c2000000000e8000000002000020000000259fa8fb33b29f94d1c71afc94cd81c7d497114e644a72380815d82083162d8c900000001a02e5fbbabc93c4b78651bc9b517d3e9859ec982ca9d7aa0f27444b674247f7331cc82c183d3a01b0466cccd85a6a028052cfaa554268d89539fe50c2483c91d74cf99187e828fce7b704838401f4405fa8f4129982ebae05c140cebfb7c4ce7a61e7f57384c5cb111b222f53d04e3bf0887aeaa692fb47bb8e76d204b2743f0da86eba030020e2136af467649bd80b400000003c8868bc82c1812b9ea494200f6b6d094d91aa98324ca1686b17a8cd777100e56ad68cc801fe9a28d7391c58e93c7260bd2a12ac7d784ddb49eb3ca303ef120e	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000091f57c56f349a14e8f269e325e8786c000000000020000000000106600000001000020000000c9ccb167f312bdfea75579db9331645288d82f8135526dd3b6c8ff8fb4b1353c000000000e8000000002000020000000fb5295b4b0001bc66cf254a8ad012622c631170cd7139aa27eaaae275fbf7f3820000000943e69fa5be9d39028aea28eb86d44be5431066f5367902e44d270105b22757e4000000053daa8415f25a87d5d76ec2bdf6aa60a6b663d4cad6d2975479e08e87cc48b0cfb53a721d1812910c7577430784805b36433822f6ed4d4fb050aa5c94727d823	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{BFDB82C1-1827-11EF-8A46-EA263619F6CB} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 506d29b134acda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422536315"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3020	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
3020	iexplore.exe
3020	iexplore.exe
2180	IEXPLORE.EXE
2180	IEXPLORE.EXE
2180	IEXPLORE.EXE
2180	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3020 wrote to memory of 2180	3020	iexplore.exe	28
PID 3020 wrote to memory of 2180	3020	iexplore.exe	28
PID 3020 wrote to memory of 2180	3020	iexplore.exe	28
PID 3020 wrote to memory of 2180	3020	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\66fa8ee731ac395187939873eea9e3ad_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3020
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3020 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2180

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b225751fa345cd952a963829efd6ab59

SHA1
2f36b34c7a8a9f165d2f64379e760c3c9644f153

SHA256
2b594052a8b959d3e0de6e3999f996afd2f9db535496ad2026011d436fd9bc41

SHA512
61e17408e6709c18660db630590126beefc2547fd9ae12d374a86801b111110ba378a8e5910dcbccfbbf41bbea855478010f10ae1790b98c989a6a51fd4bb2fe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4c9f1f9608cdfdb6ffac8ba109676ee0

SHA1
bbfebe56dc7a673140a5f08a0515068cdd19380a

SHA256
5274165df183ba63c8aa588d4ce38cc9a2262f12d82fd9d319eb148ec02d19f4

SHA512
c97239dd6b95b3c6ea918618f6d0ba944929f49dcf72f1aa264967ebcd1e00c9d4862d66aed11fa48b34c8336667e0c28f52751ce7c895359138035b06aad78f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9ba2b02e6c9992506286ce95be87b144

SHA1
f3b5621193602cc0650825516d84f9b7f0fe4821

SHA256
5b6cbbdba9bbea8b99ce2e78136f8696fd49b0aa37f06de4699ee9a3fc5f1928

SHA512
6a2e5ceaab58c2ca3b73ea13e4035495f9b5f24212880a8f9777715f5800a4047cad99310c2aa3e82e98aa1f7f1585055c8c2ac87aeb4f8a4f16c0e45a71dc6a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
04a91ad38a26fec0124b9189956e4e0b

SHA1
fe59592cf198fb5f0b5d3c6fe44a112bb70a029b

SHA256
a62dc6cf56f4a7fbea1cc9636f765b477b94a728d36c8c8c77d4ce53123e6da9

SHA512
d4f1980410e9cd751772421ef5202e6e18b9f3696405a402a31ff92b52f5f69a06e66dc943c2be9de2b841a0b2edaf898a5ad69cb02f61ab1523723bda90d9ea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b157750d1a9cd27a4e21f1db39f7e487

SHA1
a333360985f554b93355facfd560ad3daceba25c

SHA256
eda125a3f0c4992c528eaf31c995ad4617eb53ebd1615752be939d8a6b2cd594

SHA512
b69e478460baa26afaaff6a35baf1173019ade1aded389c126e46b5d825632bf9d26dbfe4b37da83c541bc95e20a84f8d58c7fef0ef9f733b74e7cd143086240

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
143c9a100193d15788a8ff5cfc130a20

SHA1
82e0f707d723b8a769e0f331d2c6099d8cd92de4

SHA256
bde792cf9e603fecccafa13f0f8c0e34615a1a37fad3acabd32dbbbe4ff71fa9

SHA512
86ed8898b7c9e5cbbb232dfe27e8833eee148ba12940c344a05b2b46b3b540ad6e2136dc6f11aff166bfad8ecded385b1a80319c955b39d223dedd506bb3eceb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2fca031147d397d4fb705118ab80f2b8

SHA1
b1f07bd998d577e6961a457af953e16768f8bc96

SHA256
b20b4f99ce14b32e787b966ca17608b1d0b12b4cbd731ab0ae6d01f3e33f3188

SHA512
8853b66a65fc7233998b69203063b3eed2bc5c23777222e6efbf9fcaf6ee4ba618d2667b13ff1defe97f4e93c792742057e5b8c486be78322224a7bf0a6a51a5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4b84aa6d1c1ad62ff4e3393ffb80f770

SHA1
a21e30c5b27168a01eeb1d8315cf099162a2925e

SHA256
c87d9615a7ca442e06050163f4554d7dc6ae58bd70c2865c4f43de9577631ec4

SHA512
e278ed1f0f926e21d43e2a6ec142a3e63f204ffd64112de6a8d2aef13b8f940ce84d4c8be1c791d6341c476d12d1b94d2ac59dae226a507a38967471d293f97c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bf407d7838c3403c4f519e2fef649774

SHA1
726d41f51e3af100ae3600b74c3f48cf0353e959

SHA256
1c4e04977c5bc2f0d15d718cad3735764dde1601c59ab8126b9093cd37bde760

SHA512
78afba5710bea451f87fb8baa4510831ab32bf70722693b11c7c927f0c217d3606b2e152582c32cc65df5dc65c69d44dfe09d3250219504c7eac776758312760

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e9dfe8f10c99244be296368a74185eea

SHA1
612e81c4c6403bbe320f20ded6a6c7f263cf397a

SHA256
6b963bb1689c9da85f29899c2dc15c103c2856a0b815018d9a563733eced4703

SHA512
48412b5fb2b9b69582ae418f9b667f35cfa85240a9be283835683bed6abd1e9bb8f0de2e1945f5d5fe1909ff488ac3520127d1d608dc122c96992a881265c377

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cd366356b581b539ff362fdf8ff66b73

SHA1
75d89b441969e956a44fef2e69f2fdaddaeede14

SHA256
36decd66ad11f22811dff12fe8834bc65902d00729738d0f4336a6a769fac28a

SHA512
23722c02e3817f85078f5997e75f13be7d4387c21ecd7f7f1a05bf6e9548dace37272d91b53d305f97b9fe41e86237ba60fc7bec9bd15320f568f5fb588b838a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a66199d8765d43c27f63dbc6f4263353

SHA1
fc76bf6f1782008087ad5ad645dd2f462d9e3b5d

SHA256
d9d089e65709b8afd03803b0d77e8f316d3e6cb5aa07e61de4b56df8b955e690

SHA512
ae9fd1322ed017df8a2549815a2bfc425279eb071b1416243bb7552a2c8399f2698610517b594fafcdc2df8bdd54e2e468dfc3b0ba8b0d9a6d0a885cd18d6a44

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6f403f68030967f97b94aa6f8922c727

SHA1
3a5c77d79a175e5d8f362f0147a96944229c245f

SHA256
69d1ab51004772aa6b3aa83cdd98e957e8caac83640ef9b34802860b06c91bb7

SHA512
7365262a464e742209c800bba5155ab893df5daba96cc7eb934ad0d9a464127af1e052d89be5fca5c170c74c7c22c8abf2ff45c7806a0383165be202b33cc03d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dc87ad0411fded45e6c1ca756ce1b706

SHA1
6e81803cf1f7a90708f1bcf0380185f60766219e

SHA256
ba7946ad3787beae5384e5aa5ff7146b834048f10cbd1e6514c27ac199ce0cff

SHA512
3f64701aaa426619dde4187c70392a69482aebeef4066079a3bdd8aa8d7ad84f82f86f21f84864052c29ff1c414ec4d0626b2c23bf8e79fb397c40472ca55fa3

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabF29C.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabF369.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarF37D.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit