a2ed8c88fbae9bdfb3b412a33951480485924c3d5f56aefad369736ed01f194d

Analysis

max time kernel
150s
max time network
150s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 01:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6951c9cad3e112c6deb088d8209659a3_JaffaCakes118.html
Size

143KB
MD5

6951c9cad3e112c6deb088d8209659a3
SHA1

2edc37a9a30de352c1d290820d5478ee8f5f7308
SHA256

a2ed8c88fbae9bdfb3b412a33951480485924c3d5f56aefad369736ed01f194d
SHA512

0976f8dd15600be907dc30b80faaa6e48acd5949ad696f0eb065cca547983ddab73d8c6fd522ee1ace43f4c6451f5565da0b3977144f2a5970dec626a9d8b036
SSDEEP

1536:S6Dm9ymIS/J/x76vuyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3p:Skmpx7dyfkMY+BES09JXAnyrZalI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 33 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422590233"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4A148541-18A5-11EF-9B71-FAB46556C0ED} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

2428 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2428 iexplore.exe
2428 iexplore.exe
2932 IEXPLORE.EXE
2932 IEXPLORE.EXE
2932 IEXPLORE.EXE
2932 IEXPLORE.EXE

pid	process
2428	iexplore.exe

pid	process
2428	iexplore.exe
2428	iexplore.exe
2932	IEXPLORE.EXE
2932	IEXPLORE.EXE
2932	IEXPLORE.EXE
2932	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 2428 wrote to memory of 2932	2428	iexplore.exe	IEXPLORE.EXE
PID 2428 wrote to memory of 2932	2428	iexplore.exe	IEXPLORE.EXE
PID 2428 wrote to memory of 2932	2428	iexplore.exe	IEXPLORE.EXE
PID 2428 wrote to memory of 2932	2428	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6951c9cad3e112c6deb088d8209659a3_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2428

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2428 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2932

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f284530bf68fa4d2a258d0e1e44ec22c

SHA1
ec6e13cce10670c0e31386e361dba1965e6085ba

SHA256
3a9fbb598e573e467cb1036eb6ee3d979dded0563ba7d073d768f16499f1ab5a

SHA512
029ad60b1ea2626e52790628642ef3e6a2c3bfc6594de591cf6f251dac372604c10d50f1db7b3ceaa07629c97c72a97c76adaea9aeeadb76f24d73cbd003dd11

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
64bc4463515473c3d062027b8606241f

SHA1
2dbb0f232dd1ca73bcf3aa6e19ea3f2f3219a65a

SHA256
25a4cb61b5802502837830747293a42f93f97c3b7f457497d3b732e6a274c026

SHA512
955a05a818c4b29f77d049ff7770fad9bb3ca0013c2fefce193863b0d5b82ad46187a2e8ebe4041ea3da763fb341b23d1d3a510aadba1b02b4181ba6691b2ea5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d71758f00cc93cbeb604bb5a65e0f0c4

SHA1
03f96a2a65c8e060af1c9c39a889143784997bdb

SHA256
3b3381c8f1017dbaa872b1e6fbb00c37ffc06bf4a5fec0d386639f81945e56f6

SHA512
2de527b8304e655b1fbde4d09be46d7fa2348dea3ffa0a1ab495f4d7587e5d60714c93f6d184fee4b36860909c13b221357789f550c2cc6fac126586ba842b42

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7ea6997d57857e1bd1b96807749e25a5

SHA1
282de4f84ab0d9677a86f681eab030e055624faf

SHA256
829bf56922d87c043106229da979fd866f83b55d81a8d7ab94b70baac1bc5c18

SHA512
0041061ba9019f2c98a3b441969c40d4ff3a1a8a11aa3b09b53eb134c0e6f55ffb61b7d112b077a9e39957244073474d7b6812062c3a0322f043e607214d34ef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7dd2121535497430381896e8504d779b

SHA1
05802b0966aebf250ea95b645e0027c2d76f97ef

SHA256
b9eda023feba27dd539263a583832764a0c31428699bc15db9e98085b514cac2

SHA512
a280f579a7fd77f9f90465e93cab811b360da639d3630da92ff01a963671d835cf6b6a5ca8a43a5f83ea140bdc519c7e3fafbbfd1ec1fc9345ceba781e93e6be

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b27f605aab412c6108f29057582ee62c

SHA1
48e37fcd219a378d18f8dc56cdb0dfe0aa046de3

SHA256
09a2713058c4e6776ad5484f164bb37ff54e59689f9705cea23b4470e0e37c38

SHA512
6de4c868815cb45fe2d987cdedfb0bf958d99b50fcfc16a0c4e1e908f0c2a0f1ce3a995933c57049f41fdd729e90f956b44b8ede3602fc47c1b4bb24b16b3a79

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fd16dceacf4445f994d80bd6a336a5ec

SHA1
474fd9642e9e4a4c6628ed11543700804fb4dcd4

SHA256
1f92e98de45ba47fa22600b1b0bb68a07a1f1c2a30d57e3df067af055b23f1c6

SHA512
5ac34a9aafdd7ba918925030da3960f96739f61c39e7f582a53aef893b9b7d78992ee0618a5f5593a1054e5a5a9929ae55232b211e740cb7591d8963cdf1e9a5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3cc704a2756c8dea43c33898bba205f8

SHA1
30ec620be7a2f153e545b31953573ea34cb1cf9b

SHA256
6a0d1eb8d46a1907bca1de3cf921510bfdfab8f3eb464fb0acce2ae390482efe

SHA512
d9b3582e02436bf4a1fb1b98598da97224a9462797a2f0ad9fafb984d11de0bd9267610de106c679d217ae8e8fddf1f0de919ca32c963b56ccd55696156b8fc7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5071f053686f38711f60e903c9dd0731

SHA1
33d54b0250c9bc875827eb357c834767329bf7b4

SHA256
04257c66dcbd0d49658d02c55c2746740d583520f3f988d976ee8cdee6a1acb2

SHA512
f9064bd02b7883ebebbe6fd88af1c35399be3919ce1616a5ad8c97870db31f6912c887597bc9dfaefbc564c1d3d357c7d0d36c042a53c6ce14e0b22d0fe1d4a5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
778e7c34bcc025b8f7472d04ce94f9e6

SHA1
5f226dc3ecdc69dfa6b2465c3a9338f226bd1ef5

SHA256
9e5e0f1979cf40be98ebbe4719d2358485fee6d5ca62dd7b146fbcfd34fa0f01

SHA512
bf6077052f2c383839638e4eefd0fe285771c1e054203b7a5085bb4925a95738410832c10b8c7f99cd1af259609f7351a8f5de7772ed44416263a5eb7e39921f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e614cd339126d7a91f8669b399692d57

SHA1
f3d36ddf7671013411f055d9bab7dc9e2ba45758

SHA256
0286956b874bf12514da9e039d7263e02da76c50762ff2346f6ce6ffcd8c49be

SHA512
05ade5292eabdd8ffde5254643a8a9a482ffca88c965b70da010e85d1f9fb031ab44681ceadea235511b44485608a905158eeb18add01916d8d1203160efa22a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
706245674b400875db268d7a931640d8

SHA1
ae1ef3d71426ffdc9b30446e3821982cfacf517e

SHA256
28c0bd4a956fb163f9b5559c79bbd59002a2e450bcab93dc7125f62bc4acc9f0

SHA512
0c2f5f9b83a7e34c79f4f59ae9b558b246e270e48e152433cef32b086c7a1171d36e3444b952441308c5c0bd5ce3e9bfcb6864643d8ace45e67665f31858751f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1BAD.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1BEF.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit