1e3a6a7f02f49b5ddfeb14df798677a8c56be9bf0b8ce5fb8a508ab3680740fc

Analysis

max time kernel
150s
max time network
143s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 01:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

69586fc56136cb73bb0491c3615bd27b_JaffaCakes118.html
Size

137KB
MD5

69586fc56136cb73bb0491c3615bd27b
SHA1

3a9ef77518527a66b80a6db6681f3be06a6686f0
SHA256

1e3a6a7f02f49b5ddfeb14df798677a8c56be9bf0b8ce5fb8a508ab3680740fc
SHA512

7e8674d2ec8c01312d84785e6f0e77efef49026f07fbe21314866c77483a05e27cab85d63cc9aaeeed68583d8b1a0c696b3c33a2c119c6325c05a4dcf6ccfed9
SSDEEP

1536:zOZydlEbbA99YZHqRHHEExx66++IIddtt77bbSSSSccllbbFFDD998811qquuHHs:z9dlEbbA99YhV

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CDDEA121-18A6-11EF-8698-5E73522EB9B5} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422590886"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

2804 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2804 iexplore.exe
2804 iexplore.exe
2204 IEXPLORE.EXE
2204 IEXPLORE.EXE
2204 IEXPLORE.EXE
2204 IEXPLORE.EXE

pid	process
2804	iexplore.exe

pid	process
2804	iexplore.exe
2804	iexplore.exe
2204	IEXPLORE.EXE
2204	IEXPLORE.EXE
2204	IEXPLORE.EXE
2204	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 2804 wrote to memory of 2204	2804	iexplore.exe	IEXPLORE.EXE
PID 2804 wrote to memory of 2204	2804	iexplore.exe	IEXPLORE.EXE
PID 2804 wrote to memory of 2204	2804	iexplore.exe	IEXPLORE.EXE
PID 2804 wrote to memory of 2204	2804	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\69586fc56136cb73bb0491c3615bd27b_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2804

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2804 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2204

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a0ab42ecb660e51fdc442f5ea26cf8b8

SHA1
d12b28bad2219a7bd7b865f8bbdfd6b2d48a297b

SHA256
f4d449f5cb988fb4698dc5eee89c3601a29215c00afa365155bf96e83cda04e1

SHA512
2237c874af4925c7c19752dd8e6cdf3baba5b901cfe1e82cf837a1b90588ba966932d349f44b9981fef7542f86c3fe5aa87f8b7146727efe3771420fd0480e5e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fe6130c081ed5ccbefc56efa72789ddc

SHA1
feca941af745adc4efb6790eaa9e7c6b966f9fd0

SHA256
8ce8bc581784bee67030d2e3faaa5bfa5a257c2c278a5c08de9fba6536e5597a

SHA512
4b3a47604ec4b12fa88666018e66a0be3522cc74203df1ab22f90906f795452afdaa58737913e9d0b70fbd16bad8b67ae7da6b234df0db4d05a3a4be11e6d864

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b426762de7abc23a8c46e8f7a5904cd6

SHA1
3b084e397928e541870ff0a487e7b6411bc0bcfc

SHA256
a9afc87e98f3751afd026435f5daec90744b28e40e9e007a783eddfd9eb8a1d8

SHA512
5664805d55bf2885ffcd0c171d3ed3ef24c697d004ee25864431e975d982d9f18d598a37bed42c1c4f55cea8db724543df34fe80bc3640c91e8bdfe733528858

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
64bfa50bd5a4a565922980e9a315b93d

SHA1
8cfb0cbb30603ece5f455aed196dc4d06426fd25

SHA256
d9900434aa75211d78fd4e66fc69b3eff3552263a860f6e8f730006b4eb0e31e

SHA512
4151395ef3c26c10c0d6e78cd99590b11a39e4fe0c45dd53a94a53ace5f8503de180b32e2ffc4e5081aa5f565c48fe01f3d239a68ebdbd5f9054a372ca7c8a27

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5bdcef1299f1487a4bd6a054cbce218a

SHA1
9097da0f7f0b3f477a23c0f93991eebfac7a1972

SHA256
16a34dc6bb74a809f2e9e30c974f00227cede9d1478893f34d8a09e436be9708

SHA512
5d668cde2d25d8800e933ee3468706ed2ed04e0c9146b9fd594733b387862a65dd9f5bc913906d99d01bcb697d3599ae0697afdbf20b5aff03ae25ffa21bc73f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1da3d36ecdc6bb3553e4fee7635ece24

SHA1
4b4c1850209caa0b42202f369ec27d4eb6889edc

SHA256
5f07848e6e8ebe2d8969d4cd1591ca407d8b87658e2aaf6f6ba269dd9d155720

SHA512
39ad0f5940da7ae6ab8126c5250de7c70d7aadca092e3b14753060b0a4d445749f2c922e44c92c0fb340f99c777c20860fcb71b4803c9ff94880b7eebf14ac24

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
423fb9081ef71735c6488b88303c5359

SHA1
b9b0c9f729b8f26da11f5785a44ec37a12b3dd78

SHA256
515ba73d5f22c1c0fcef84fdc334d9316696d90d8120a27339933a4725fa6aca

SHA512
7f77d111379d7402db1532a55adfa93eb6bd4e0cc7b58ad2d73520ca6f0086e5d6aab79991f03473e7fbeb54c584853f0dbf1186dd3f212a64194f3e95a80f65

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7979c06e10b35ec3a938fd66ecff3cb5

SHA1
55a751cd994b70b43e8f611183efc846f2b7036b

SHA256
ff0f8de831cb7bc7d5294251e787f5618ed285e9d98c5e9e8cf7710a6b8c55a9

SHA512
ee0c61e35ccfad1dfadc54899a28671fd1238990cb6d7f03aa22a316d2d479734fcd0bdb7c1445e515c85b4d22161279504c70f2e2e026d3d39bc7f7beb610e9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
aa11bb8dacfe43b392c50bbd2f57442f

SHA1
2d70ca5efa9b5e1193a31d62dc516e7501d772f1

SHA256
2fb19b568fd96bd3fd87d16da1caa2e0d5f377ff32d1378322455f987c2bab54

SHA512
e8c5f870b1e61a805c56813a0d6d6b97b6e59d78bd3539302f1e53f370c545387cada67cb11748e38f465cdf60b5503cd5f542ad9717e3112e215876db2dbbe1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
858aa2d43c6aa994b72148ce840676c8

SHA1
b3ccabbc911e1aff97f50391b63d9b2947e8843a

SHA256
178cbcbf40f19faa922cd3aa1c82880432beae0c61cfd6f4a335416e60fdab4d

SHA512
a01dd0576a3abbdddcd1b2631634ab9fc8bb3c6a9026b24fcb7c383191da43abc33f76c60f3c928e1ace013460fe196b6d10484b8e657028afbc2ff56b3bb5f9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3cc0390fdae707c3b8fda191db5a6e99

SHA1
a2b40d3956cccb891457184d2aa7ae23ddb7626a

SHA256
a80328a40c7dc310d45bc5a36811c8beb31a0d04cd76f6bf40294ae134ebab8b

SHA512
7373105c160dd6815d23085bd9d2676797b89cc71b9fb3c6ef9376c893249af8c216e72a4fa58d9ac429232d576fa3a563c0fb30b3ead2a589a0d78f3bafd137

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
64568fa0a920176060f761880a7aaee8

SHA1
e8d2be3e81c6b5cc27c2fec5509f8f4313398600

SHA256
b46360a856cda818a485417a96304049f3cc597bfdb4c6c88d3a34e6ec2d7ca9

SHA512
5dde591b39d9f4c85c1a295576a1ad35cc675437fb89ffe620963a3e489a283de7e63ad0848711ad6aed433a26b430ab8c1373ef00c358e5487a455b718dbbbc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab76F5.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar78C2.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit