864868ff16dc06be576d707ba8a66aadb25fa3a2316ae987fd12b168a9a06ec5

Analysis

max time kernel
134s
max time network
135s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 00:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

692613e083c674c08a6bd2b42caa942e_JaffaCakes118.html
Size

12KB
MD5

692613e083c674c08a6bd2b42caa942e
SHA1

4fb62415299c7dca187f0da79da3c0c2c7ebf8a3
SHA256

864868ff16dc06be576d707ba8a66aadb25fa3a2316ae987fd12b168a9a06ec5
SHA512

47efe30e4b3c40a7c4e9dbc78b95f5808230b05216063e8b472188d68456fa2819424f5d00998c9b30199be0e0a129b01f865951f6221131db452e0b079c2053
SSDEEP

384:qO3I6RxkRMp0/eUuLDKyWETci1T/GzEWEd:ywGMp02Nn8S

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 30 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422586107"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{AEC50E11-189B-11EF-8C93-DEECE6B0C1A4} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

2972 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2972 iexplore.exe
2972 iexplore.exe
2936 IEXPLORE.EXE
2936 IEXPLORE.EXE
2936 IEXPLORE.EXE
2936 IEXPLORE.EXE

pid	process
2972	iexplore.exe

pid	process
2972	iexplore.exe
2972	iexplore.exe
2936	IEXPLORE.EXE
2936	IEXPLORE.EXE
2936	IEXPLORE.EXE
2936	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 2972 wrote to memory of 2936	2972	iexplore.exe	IEXPLORE.EXE
PID 2972 wrote to memory of 2936	2972	iexplore.exe	IEXPLORE.EXE
PID 2972 wrote to memory of 2936	2972	iexplore.exe	IEXPLORE.EXE
PID 2972 wrote to memory of 2936	2972	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\692613e083c674c08a6bd2b42caa942e_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2972

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2972 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2936

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cb1d67a0acd11146017875eef5030f3e

SHA1
cba55cdd8d2a2e792d6b4bc3c29fc96f4cf399d1

SHA256
d41a0e7c52b402671ac2419464e2efa7dd366d6931b9cb2e40fd7084f9f725a1

SHA512
5c14c86df8bb486623bb3d34c5252857e6b05721490a8cb8cf65aa4fe4aff537aa31fd362b723405de2bf6ca84009035bb199d639f107e3b8ba907cc76447a87

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
979cc72160575cc613ceca8656a1cf51

SHA1
46198af09af3868215f1a401719ad000f8dad6b7

SHA256
ac3b84326b7e31f0f594b19fa23e8e53781dad7cd9c34c1dea870545ef025001

SHA512
4ff050425f30eef5a68c92a8db1c4d0129c9e2148f7b8d799d5f54d42ae3c6b302e60ff7b06db9e68f9e362c7c59db466498a0e3f1efe895e297a677ecc7f02d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
aabd6022b82ea75c8b1d72339f6f50b8

SHA1
bcb6adea658fa30c35bcd51e0d4237461ca21fda

SHA256
dfa28d0904c2a5cc12385871f3c7bd0621e775de42349e5ee72d8b8c02f40d8c

SHA512
c712be0d22c0cceae27869f9c5cc442ce09d89d90c716b5682b6c4d643b39211d754b4ba9791191b241e11d6957d096f9503963670d49966b6f7e7f4ea8ced5c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
366965adc0d269b5bdf9b2304cc14adc

SHA1
0f41311285f6e018cc7cd5613d583ea13b7fa19f

SHA256
eabf0a22cdf44bb6743aeabab8e1e377b8aa8a99f4687e565a89772294446862

SHA512
ed0cb2b5fc5a591be3d373e38a80e3e06ee15c23f52c6ef3f0d216aaf42359e7bab6909315dfacff3c546ac21a6c4f2ca9add661f66c074a086056626f97bf5a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
159ea6441a11369dd8cbc0ff88741b35

SHA1
e02546091317ab51e0af535950e5ce0c6bee74c2

SHA256
a1acde009f69d2cebf0b282581ea8137e5cbd1429c3908fc55b68a394a9f57f8

SHA512
3d42cebb4dda66da7690145c1fb6d7c290b1d49bbdb7be1e0a1f2da49121dd5f6f1834f1b591335eaefba04b1ddc57a458a7ee003b621dfb0dcffc4e3031414d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
233bf547d5d643387ad82d86ea8b67e5

SHA1
63ecf1fbe10302083215aff19cb1a55652a33d2e

SHA256
421503d3502b04d83e3b5a71e3d137794ab01ea1db9cfa0b3cb19b9fdee7cda4

SHA512
fc9c9171b0414d1482e88c533363f28fc51b644afa1c738bb2a90d6ce15ed544961f4ceb6e662dbccc05c5f893b36681ff255d5bb96830b7855ee99f27d61d02

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
66c06f7a98d2bc3d66da2583529488e5

SHA1
401da279eb9192f561048a857368d3bf1a41a1a2

SHA256
dabe6218ffe08434df4e773ee2bf71487286d1c396b29b89481d00c5fc205384

SHA512
2049617eff278b35118cf2affcd317fd67c761a8b6bc9783747275bc98280ca2751ab2bf172744a19d50436a3df5334400c4d71c805167d588d933bda82ffa1d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
85b970bbea096b672e339ed8a5ce6906

SHA1
40b5a633f678cbd2a774e890875316af16a978a9

SHA256
14769da98f883122fa71fa84c920454f7f87ea22ce0fc0303a5bab25faae9365

SHA512
eab0be7dc891cd67fad66d847aeddb977b957ac20f4efd500c362217e55d18cf1bfdf9e3a5c4c27b997f017b7b4375d0293df41448dfc0b41ee7da21350c3ed0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
66d10c02c378d2e5f73b039e9997280a

SHA1
f5466b36ab4ca482426d3e7f080a0a464b405ae6

SHA256
a5b7442068a92e902566a56667483363c58ca9d2a200e7372ff417481bfcda3b

SHA512
6fb0be73ea56ebdc968f1a44a07bf600a03e7340b6879968fc55587ba01e25d9844b67cee9a83307533b8e4662defeafa0915bc33729e64fd4a96f3ed72a32d1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e56b167e020f71f245cbc644fcb2d80b

SHA1
c4885e4e1e45c856f7cf3fdcc37c81e96021a92e

SHA256
a4ce83456ceb5c9366362b65dbba7549a0ccd4981383e59952e0d780415f275f

SHA512
3e50863255a336750c422a62e205e6091f041231a9f2eade9f03b4ddc1ad53032a0a24ed6b477fc7eb8a04df240c8c1be9be4ad2c2afdb8813b4a99f5dfa9f42

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9155f2bff855f2a82efccd91107c3cd7

SHA1
d918b42b36a5ba0a1d4bc4127b7510985d2b4838

SHA256
19e67545b0a17c38044d27df7bfcf6902b6e6c6d92c102a387cc65f341c94a66

SHA512
221926ba8189728e38b650578f979a70cf654d28c28eb44f1582fc17c6bf7336180900c62d8c2fcb60be18bddc1355b488569a6574847551188c72fbf34d6209

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab24B0.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2513.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit