dc2c3d1343a4948a60ba7600dfa49058035f4efe145f34d0edf5711dfb9d6f38

Analysis

max time kernel
138s
max time network
133s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 20:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6885f93fdb78e5950a83374e516f002f_JaffaCakes118.html
Size

4KB
MD5

6885f93fdb78e5950a83374e516f002f
SHA1

c74bd34ae7f7a2a5fc2980fd085aba4783fa7326
SHA256

dc2c3d1343a4948a60ba7600dfa49058035f4efe145f34d0edf5711dfb9d6f38
SHA512

116a043a55315c75c6b9e4b66f3141f353d8429b47719be6135b1ae86ae371340836f36ac418e43312caa74596bc31dbe50315cd4c52b67f3606393769be45dd
SSDEEP

96:Pk7yJozTGknaEFHVKDZTBJl7sNjtXATIQFMA5e3fhrvDJUgwa71D5iJ8oFGd:Pk7yY1aEFHVKtF37sNjtXATIQFM93pDX

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422571655"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{06F8D431-187A-11EF-8189-4637C9E50E53} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a230000000002000000000010660000000100002000000018db38d6706ae87cb62b4815f2cd7b734220abaaf2e621deaef10923fd66db56000000000e80000000020000200000001c451821963da8a5c72b236906c72db234702ec35fe0aac58f52e9f62428be41200000005188db2b59aacfbe5d1583ab94d1971a81e234c1685e7ecd26f59949c5e3b5fe40000000bb727a3c47eb845a3d7569919cc4339816abbf460df0eefe034cb573edbec7b2ba3812ad1dcb550fc75ab34721608246c945bd202e6027653fa60137932f6dc8	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90a27ddb86acda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a2300000000020000000000106600000001000020000000201ae2301a7c6ce74b2a1120f19a358c5e26dabaa8c30947bacfce2fe94ba349000000000e8000000002000020000000bfa3b97ce84aadc3184e12df9ee2d10c770b4c7f7b45cab58fc08deb5b799000900000004157dd1a4066233bcf314056923e45f238d0a56038e5425f3c1ee49f9ff823ccc96eb1133a09fff565376dacda70e046f676e929319b00c656a79429472826cd41a79f67a97756f80bf94cc3b69b081a29cd76eee5f081eb4b4c073b7a38f3a516542ac832ebffd476dcb23f0f9b297f4fb0a1ca9b1acf5182c97ab5fbee8cbda186e785cb2474fa885230cd7cfcc79040000000deb934290694a0e333e969d3a1ef0affde2945d5989d26682eb50fe6d426c07be9e78f7f087457143d8fce182002b36d5920df964924c20c13104e0a77226160	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

1680 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

1680 iexplore.exe
1680 iexplore.exe
2172 IEXPLORE.EXE
2172 IEXPLORE.EXE
2172 IEXPLORE.EXE
2172 IEXPLORE.EXE

pid	process
1680	iexplore.exe

pid	process
1680	iexplore.exe
1680	iexplore.exe
2172	IEXPLORE.EXE
2172	IEXPLORE.EXE
2172	IEXPLORE.EXE
2172	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 1680 wrote to memory of 2172	1680	iexplore.exe	IEXPLORE.EXE
PID 1680 wrote to memory of 2172	1680	iexplore.exe	IEXPLORE.EXE
PID 1680 wrote to memory of 2172	1680	iexplore.exe	IEXPLORE.EXE
PID 1680 wrote to memory of 2172	1680	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6885f93fdb78e5950a83374e516f002f_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1680

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1680 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2172

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d9d23504e3321be95870529cd7160ba2

SHA1
2f313b7d25a9738f6f2a59fc0de3dbe07163869b

SHA256
921bedf84b12db6d89e75a5e67d47e2ece21b23192cafb1de6b739d9269950c8

SHA512
834d08e016c3b9e81ad05e6f7971e370ce53b76fe26e03efc5833915250506bc2b496fcb54f4e2c9ef8615a67a6d1513691875424ab71e06caec488ca5dfe902

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c039c21861b9bb90c87bb67c8505806e

SHA1
045cc2297846dc4c35b772c67fd4889e9d0e5381

SHA256
fbea8eb9b2555d997f20954497e29e3f6b3f9f5e85a4d28eed8ecc1bb21527bf

SHA512
84eba5c2b386924d88334e8517e6a45f3e5a07424041f8afdbf7e4de5874799830734337fefa8bb0c6042e03ffb914da575c3ad7bf00c32f8375f574ce623955

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3730934d06744e2a2fef64f8e503ac76

SHA1
9e52d2d8e5f59baaf8af54fa921cb164ad9f9dce

SHA256
735e471a5d25f61f04821d459034db4cb87e55002917876735592af1e5f22362

SHA512
d13700b56c77a188dfcd61cbdb039975c5e8f94fb0995964f8d03a5f4d9c7b732093d408c76040f67c8da4cd27d2ef4da195597f3fc07a3c2df0b92432bf101f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c7b71cf53963923e5a47252cc6284071

SHA1
5a4e8916ba149d7399a6a82fd4c38605eb38ea33

SHA256
7c2cba4f0245c98aab805a99230a9b2111aa75323e19a18369dbdb7851738860

SHA512
ff941d17f4884279bc2ffd9df0b402113284686f350263e488d8e03ed41cb74cf3e02d2693be2ac6861b8f9eab6f73d398fab0f42c937a407995f9dd71333839

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1b5a2bdc5f105b981ab20ba8ae082ccb

SHA1
40999cbc487322ec2f8d3b328cc0f5750dbdbff4

SHA256
019b01ca39a6eac2a86e2e595c761ac08dce59aef132c38dd91615e3e7c6a1ab

SHA512
60c35e95d908841062ca61617cf70766ff4c02a4be547680fbaa31935a8cd9e8b7e6688f2e0b63b1bcb7be4a952b98f05150118cea619ff416d6c7c0ad3245bf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d05cc0339e6c5a70243dea18825945c5

SHA1
77a945e898e9fe8ad99449be690135e3ddf47051

SHA256
1cb8471a7db85f7e8949eca374c42b5ded0e91501f7ff21cc2d0a25246c3acef

SHA512
39ba205107896ac14a6fc1e54c45622293c129687944a5831a4a31b7bc206e556b86feaae8ad65968f5013425fbc52bc17e1a2bb24eb0981cfc3438839227620

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ac58a0c1a4b39f67e525efbad61036b7

SHA1
abbd5e3cb1c3b63e49211134771b35dc36334899

SHA256
fd460743f7ac70b9133a72c3d3f362b2fd310f41aeb0b1ec3f87004c57ebd3e0

SHA512
f4c12a39cd82e605761694a5de8b98bdfb2cf567b4320c47fec407f7fbc7d1f5db74ff60211807aa90b96fcc1179b4cd94df592683f65fff724ac37670db9c11

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab28C8.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2D3E.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit