2acc81f46fdb01d291faca0e426535356849a79b9a43107bfbe28ce312ff8950

Analysis

max time kernel
148s
max time network
152s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 00:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

691d8a95dd5616a17b2c113cd66bf1d8_JaffaCakes118.html
Size

18KB
MD5

691d8a95dd5616a17b2c113cd66bf1d8
SHA1

1b7b9552968e13b0be7e66bf2669d44e8397c4c9
SHA256

2acc81f46fdb01d291faca0e426535356849a79b9a43107bfbe28ce312ff8950
SHA512

e1e9bb403e56d0fbec6ee4ee5fd4691d63b7b0e5fc7ca657a6e35d607f78b8d1737bfd6a8be2a3e66844b31d16c126df7f4eeabc0d337bc3e3c926c3498d9c6a
SSDEEP

192:SIM3t0I5fo9cKivXQWxZxdkVSoAI+44zUnjBh0O82qDB8:SIMd0I5nvHLsv09xDB8

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422585337"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E33ECF71-1899-11EF-BB21-6AD47596CE83} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

2320 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2320 iexplore.exe
2320 iexplore.exe
2028 IEXPLORE.EXE
2028 IEXPLORE.EXE
2028 IEXPLORE.EXE
2028 IEXPLORE.EXE

pid	process
2320	iexplore.exe

pid	process
2320	iexplore.exe
2320	iexplore.exe
2028	IEXPLORE.EXE
2028	IEXPLORE.EXE
2028	IEXPLORE.EXE
2028	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 2320 wrote to memory of 2028	2320	iexplore.exe	IEXPLORE.EXE
PID 2320 wrote to memory of 2028	2320	iexplore.exe	IEXPLORE.EXE
PID 2320 wrote to memory of 2028	2320	iexplore.exe	IEXPLORE.EXE
PID 2320 wrote to memory of 2028	2320	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\691d8a95dd5616a17b2c113cd66bf1d8_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2320

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2320 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2028

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5ec7f139f637febba8527d8a580c2b8e

SHA1
d85cbb740848219975ebf693a12fa41025d85da8

SHA256
bbe0116d1bc5d9cb912e6d7e3e6041dca36290c49126a8388a41059891cdf165

SHA512
f12fca8d509fd2797c3ba1b5bf1b4220eaeb8c51139c65e218585200905d9b7e2304be77e4e847942e9aad9bd5973da79e93bb19039ef4194b95982b144dd796

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7c3590dc252e05d608fd50734d5ff0d6

SHA1
cc8131f96b3c190f7902f389a80b5babed261b3d

SHA256
7961b976f09753ba423ead63f2b81ae32de5ebb6302b9ecfe569775bd869706a

SHA512
c8f2b6306e17b8846c44dc532e41355899ec1a7b4a10da7aa1e34344b8b028e965d0a3fc53b69c4862153f3ccb56b558404859406e8afb5477467a76002c800f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
281e94892c4e172cc25c370cad50280f

SHA1
b39f4b57660b6b8df00ab537d58552fc0c117444

SHA256
dc0a9b2470cfa892aa8b150ef6f056f13b502b46886b54a50c0cea4c1dba8be9

SHA512
6ee7481fc1c33e9716268d4823e5f6d624d2491221e90b19972e2bbd1690a78c3ab76bc8329a2869c08395da94806ea8cb830d516d7234e952539a6f5c012c6e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9668e0ec0ae6e7dbd732b188073167b5

SHA1
436d7a6917d8c1fd790998731d5a344ce8c94d72

SHA256
4fbb39f574c3caf584af895cf4b457deed3ca9c04ff6915e271a6f42a9787fbb

SHA512
1181517060ebb3c827e1540944c54f0418e8a47ae4c65f2aeb84720e52b67f1a13956766c48469236918b9a7ff073cef771ae5814c03b3a91557a406fe624ab5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
348f20b14c442aaa7b23a1d7ee144bf1

SHA1
cfc6750958ae7082d4b163a6ad14cd6505e21e94

SHA256
e3b013bc29960a335fadc532d0be46254f0d0e076281d88bbd9833b952dbe757

SHA512
1615383ec015d7f89464a33fc9a966843043f890109bffca445d7aa837f2a4b1b3de4db058477e9100f5a9d8f74b34335a078d20a9bce9547b4acb21d983e940

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b00b11301aa82ef0bc8a1dc88ea825cc

SHA1
3b3ba8dc9b1e33ebca2898753980b815549bc3d6

SHA256
08484a469830bb76a10ea61b63b972eba8acee99168a82fcbbdfe4fdb33b15ba

SHA512
7d01e5550c6906f2d7958f959b88afa41b40b1356a39273e6575fbfc8479b8516963b74a9fbc24cefdfcd7b3403c62ddc4b0f736819363082ae8566280053691

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0ac1860086b2001b3af02039bc40e390

SHA1
0f65f95f3c8b3e07dd4c194e07e49cb472d1711f

SHA256
49bc4fdb349f9ad4a86e616b075bc64a39365bdc3b16d50fefa1ac01f89b8470

SHA512
e253ed4442e6772b6c370fe479a1277b70cdb52e19faa4d14e1ae05dd8e3d0454629e7c9d2b7e3e62454e72a3efba008291efc5db329e36111b83fd0feab969f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b6e750cada7096784b0df391ddfce57a

SHA1
4e7044709f125aceae34de9679922866ef3596e1

SHA256
7e44741619802ae01c811a6cf988053f2fd07b6dbbd5135f254e587db4a2e77d

SHA512
24f77ac1eddaf5d19c33c165ab92362996bbff04d1884cec2e067bedebb81dc19736ece22cd309d586b56746a8df54713cb3a8eff8e11e244f76cdfeb700f7e2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b20fe9ca7433d1614b68cbcf54e20d41

SHA1
82694c8fd4660f09925a96a1d44308b6cf6b7595

SHA256
3d679539148c2929a2f59f2ba32838064a315781dbe8bf9ca545692d0c99dc61

SHA512
2a582c175961de286997d27331cce6b66ab51872e5a165f72f6b2b0f33ad56421c05681c1584ffc957f301b83e13695435b22a3cd6e3eab1e88407c26b39ac4a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
215a765a963616243ffbec3ba2b69c8c

SHA1
d4affaf1b776f686a24a8c58f92d89930544ea94

SHA256
a72c56cf3ec13948f3ddce6b384b1bc4cd9eea3c1f674144b798bb64e7c80de5

SHA512
896ff0b9b0744388b7610c9d4153a9181920f8130b896fdd61a284e2190c7c1493fef8c36a0da5b6d1618f1a1d343f780188b91753dd478a1a365d7524eaac39

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a85cba2ce238e304f2dcf6fb8d0fb0da

SHA1
2a2f23e60ab22eaac0110ca91aa1cee191bf90f2

SHA256
e54b18a51d88a771952fa36d0ccb7b5541c50155cb5e9908d2787b03fb3a1c7a

SHA512
91e67e2667b8f28e9ba1ffb584e9341dde5db7fd90688f349faf0246a82f9aaa115d816f3f90275890a22f30a1abe571dcb87859eb309a30e570bdd6be00c021

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
580da7a5b2b13848d143b4f53ea80ac0

SHA1
9e6ffc34cb3acb061c26bad13b2d3830dcca633d

SHA256
e8d84e1d19c060e47f1bbaa7de053c02d5f95e63f2d41c4feb37398f7347da5d

SHA512
5aec3d3a1f884435628d9bd09d88d4c37285fed6e7fe93df21bc77ec610e19995dc83b2177e79a891a69eb2e004df04f5362b22845549f0d50aaed062b80c0d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1B50.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1BA1.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit