52e8e024f13dc74a5eecc49b73031c5ecec1d9c25b993975f8f452c9d8f00e00

Analysis

max time kernel
149s
max time network
150s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 01:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6958afb0ff3ad5afc3fc3ba7a84229f2_JaffaCakes118.html
Size

14KB
MD5

6958afb0ff3ad5afc3fc3ba7a84229f2
SHA1

eae0e317af7e613a56a91308be0f31b46186e6e2
SHA256

52e8e024f13dc74a5eecc49b73031c5ecec1d9c25b993975f8f452c9d8f00e00
SHA512

950c90ccfaf6f018ac34b8e55fc50c1d914117af4229604c93e8c83e65b388ae85a92ee34ca54f928ed830b09f484a977e3a3a84a2e13f785b485c7d07a8cb02
SSDEEP

384:GRPsD3N319JL3YpZGfye65m6vnyYE/M38Frl0fAR:oED3N3t0Gfye65m6vnyYE/M38Frl0fAR

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{DD940D81-18A6-11EF-B238-4AE872E97954} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422590911"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

1640 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

1640 iexplore.exe
1640 iexplore.exe
2080 IEXPLORE.EXE
2080 IEXPLORE.EXE
2080 IEXPLORE.EXE
2080 IEXPLORE.EXE

pid	process
1640	iexplore.exe

pid	process
1640	iexplore.exe
1640	iexplore.exe
2080	IEXPLORE.EXE
2080	IEXPLORE.EXE
2080	IEXPLORE.EXE
2080	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 1640 wrote to memory of 2080	1640	iexplore.exe	IEXPLORE.EXE
PID 1640 wrote to memory of 2080	1640	iexplore.exe	IEXPLORE.EXE
PID 1640 wrote to memory of 2080	1640	iexplore.exe	IEXPLORE.EXE
PID 1640 wrote to memory of 2080	1640	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6958afb0ff3ad5afc3fc3ba7a84229f2_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1640

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1640 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2080

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
7ada856b3db6e9349baa6d2bdf2625ae

SHA1
823bcbb57febb9ef10ed83fad47e115cb87daf89

SHA256
a37755fa279c8bfa280fe7337dfe0928bf7e158743813a83424181bc18ee472c

SHA512
cc23f35cfd1c8035880a55529abb877821a73edeb51b08de0f865bd34441421b7b67c42f54f13200e7a42890a65eeecff7940c865b755999dd55ca94af5ed1e5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f1ba92ba39f874d3fc667749b0b21db9

SHA1
3344b1848fd96724080e56bbbf463deb10d3c68e

SHA256
2a621bd1fd42dba89d58b74fa79a1e82d93914eeccac3daeea4d2b5ec249b9b9

SHA512
ddceb34981fc40732cc813fe8bae98b5bc4d793b114519093c8a25b4cc330278117d68fe14a0e19a834f8ab6495a9edabddeb24f6bfa9868f6a313f922dc9857

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5626d01ebdef62bb42391e4cc8e82dfc

SHA1
0379aaa96436cf0403124ec6871de7b896fcad34

SHA256
42f5f0975df769fe99afd22f16994556d9d9006d2cb11e77ef105edc758677aa

SHA512
2bb0c75b044603ecf514760261947001c6cc60ef8afcd65e188adf136f568941b96c90f2cc76d83180ced304854670b269ffe726ece30573b9bdf3ee404dbb2b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8b1f6f486e0c42b2a4c6dc4b29083522

SHA1
789eeb005a5ec7055676c320336c5b53a04ef761

SHA256
e30f4ac89457ba04a951407158cc4f8a0e941fe353bf1d803e304a09a9ab757d

SHA512
24e697a583ff691710a7fb90e7180dbcf6ff7e24d02fb6b41263477961ea1f2bc0995b19c0b3fb97b738f4c0911bc13495216f80dfef469afb11035c2c2b61de

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0e9823897542240da5d6d31a9ac32eee

SHA1
c76e7d1b20b366933408c6b275eacaa889a47c81

SHA256
9bd272f5ca7f2c35af026fe52b37c0e0482139b4027c30d4d4f643034979812a

SHA512
435ba2939f2cede3602e65e4d44be5d3c1db81094ed3a34b462f5d82231562b039114a98b03c0971eb7efb01ad2d2288ae192153e7fc86d394e031f324aa34ca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f3bbfc0a6027bc9990a074c9ef5ed3ff

SHA1
1a224b38ba5f934b1ecbefbd1b2c0f89ca5e8979

SHA256
0294f8e7429c81b7cd3722681699ebe4d7ddce618ba14a29df0da773179ca71e

SHA512
12923f1ce8b266b3eb235a97be128f80cc881d01b1d4ca98b695e98c810fac83cb327b374ede9f617f7e5b10a1546f5a41c10558bca24255781d42dcd141d944

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5089bc78b1d0f69e9007b9de78139ba5

SHA1
215ae56ea3580239b004b450e6784d5d0ae21140

SHA256
133de20429e1828adeca56531372341eeafee2f1732ebec737e58940ca1a55c7

SHA512
74a8ddbdbd3309a9a4b5f96f6d81a5a9fad6821f3efb879bfd13fbcc68a33214ff71c66ae1418c91f03dd9def5eb8d590bf6447cbde287e40288b82ec289267b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
642d0ce8207913e2034136736322cc76

SHA1
b2d9610526d8a1825bb8d10404beb20cae4ed71a

SHA256
b7c9ac8bb3051478b28bfb2cc39b43ec36cbc4ececf75d138556dc93de112e9c

SHA512
4461b987799d9fa8db180f9ca552904d60b0ed5ef5efd51a03301fa78e852bbc6854bd80116fe3bd9a521700971e2b235c763e14f898f2b605bfbfaf00fd0260

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
887180317e96a06e078b62ac5a93d873

SHA1
ba53701daeca7a5aa0c656d5fba0611444d9f2d2

SHA256
211c463924fdd0001ddb52e1ab316c2ca153046f643cc55885fc1efbb789b479

SHA512
fb3cbddae669915ba9a7928e4bc46fbcd32abc97dece58da3a2d849bf9e145a55abf138b4ebf1bd1c09e52121f75f556ee1b8c9f46514aa92ce39884bf098f08

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
799d22dc40e8cd88fb3036227f17e6e7

SHA1
d31679a896a0cde20c7014b5a6953998891d642c

SHA256
bd957c56bd428eeba91264828d284e61dbb11ad3a43fe47c6cbc37bc333d2d15

SHA512
3573e82210cd97acb21be030b642caa616149b46ff738ea4edb862c62e192c7337f4b7e371dfa9c88713288861c3ac86a65aff1c1c60ff2597cf06b3895423ac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
ecf68128b1fc015d92fe99511e78d976

SHA1
052dc8695e437724c856b8f917cdeea26211d385

SHA256
e83d0fb51c4f498522470a1080e14e49b2abcfada8ac3a221ca34138cb86d53f

SHA512
f2842ddce4727c774bc83bb64ca48089864faa8b20210dcf6b04d9adc11bd95ef7d33a9922f1a5fee8d17712a8c5c722d8302f2784bf52b006b4cd423b571558

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab21C3.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar21D6.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2343.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit