e441cb0969d74881c898df877aba4e298a918b9aba60e4743ff0b6f6a9b3624f

Analysis

max time kernel
142s
max time network
146s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 00:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6937f1a20396a437a98e47e79cd1f27c_JaffaCakes118.html
Size

27KB
MD5

6937f1a20396a437a98e47e79cd1f27c
SHA1

702488adf23c574b21d8bdac4e4ab25e4118b539
SHA256

e441cb0969d74881c898df877aba4e298a918b9aba60e4743ff0b6f6a9b3624f
SHA512

049a965efe7410795627f4b2c2a3840a421b1d4a5f49708bde57929d37ab491791f1436720c644251fd7383ff4fbf502652b9a1908149bc99f3a31e4dca8a41e
SSDEEP

768:BrdMXlUp5U9U/UmU4UwXqLsrb8C0fRj+TSL3T:BrdSli2

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A54ADBE1-189F-11EF-A8CB-6EAD7206CC74} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422587810"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

2020 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2020 iexplore.exe
2020 iexplore.exe
1280 IEXPLORE.EXE
1280 IEXPLORE.EXE
1280 IEXPLORE.EXE
1280 IEXPLORE.EXE

pid	process
2020	iexplore.exe

pid	process
2020	iexplore.exe
2020	iexplore.exe
1280	IEXPLORE.EXE
1280	IEXPLORE.EXE
1280	IEXPLORE.EXE
1280	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 2020 wrote to memory of 1280	2020	iexplore.exe	IEXPLORE.EXE
PID 2020 wrote to memory of 1280	2020	iexplore.exe	IEXPLORE.EXE
PID 2020 wrote to memory of 1280	2020	iexplore.exe	IEXPLORE.EXE
PID 2020 wrote to memory of 1280	2020	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6937f1a20396a437a98e47e79cd1f27c_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2020

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2020 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1280

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
24b6f887e169c41fe063d794f3c11b69

SHA1
d288922bdd6fb6c9adfc51e0c8f8f99fddae9a4b

SHA256
0fb57fce86490d149d5357f4642a9e979cc2252c9bb11194a6b3c8bdc570c4f3

SHA512
aa878d566c27f3b4b243b0724f452a63263b730f82ab2f334b9d9cb5e55449a98b428532dce425b5bc2d8735edac2b142f7184dda87d1ee01cc6487138124b1a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
d33e0a69ae73e9d8fb78d75ea2b06ccf

SHA1
e30e55b5edfcd6007475f613e23671476d0460fe

SHA256
2ed5c805ce17b2d8444782b0ac4bdf20259a3b3eb157a096eb86e3fb987c542e

SHA512
3e68a728987ae34560671feae958a8979de945fcb02e93fee0aab4a38233a6b79bb13e65b5efea82c04dd8cba988d56ab0f921a474a2b4f783ce1784eb684720

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
53e7c1f2af73841c3750db23833984e1

SHA1
d653321e3e11c603edcc4b1485d02c452f4bde4e

SHA256
f8c654c930fa80c8fecf85d217d32b79063c9086a5c25aabb1aaa0e677232aab

SHA512
e71e6da71753e24ef89dd0a1012b12b376d3c01744cb435f531c099affd8f85c0936d8bc8241d374197e154450b51059d59f2f2f1ab1af19b442857fb1698c3c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
f7632e6adbe2a0967c717a3fa7e822dd

SHA1
dae7a38dcde7be19b9a43a1b165c303b50cfb924

SHA256
2296f2741dd3894be821662a8fdb43de5e3b6845cbd234b6f003fc89b5ccb595

SHA512
e41a6d5f4272f2239d8bb297362012c1c3bfca3f40b5382344e306e186a01cb970c7b1b33fab7eef5a423ab81a18af60a6022d1ba78fcb3c601621d721006333

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
00359804ca1bd26b40276423863b0399

SHA1
bcc87fe3a72b03b583bfa78d3ba3a6095e94b16b

SHA256
278cc2f5574e9f27554fcbcdba8819462b33ee351f26e48f4a9379dbf3706599

SHA512
e565315888f9272a33153837fa08ae59a3afe1f3b2dbf038014afa0c7159b40f144b77128a3aeeb02bc354292b38f2d647a8bb1b74856140b88ac153bd0adcf1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
d8d1e1300f671773b3585e662b47558f

SHA1
ee1ec3171da440309590be61d73d4b5afb931097

SHA256
d4de181b1dffba31f3dad4aebbf688c2932925c29206e5174d931ace1751cac4

SHA512
6f901a3adf0d8987e2d1445b5e46a16f841bb8bd9e77eff54772de90ccac7334a858acbdd8f926b4ae8d614992e64e85c788a79432d40c39929efed4d323b0ca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
11d33c1d5b0b5ae94b50f2de7c0f1e04

SHA1
66dcacc86447b2083d4b036b0b375e8545f196d6

SHA256
a2f9fd78810d467c2501a2a28b7d935ed47bd4658b10475816f9a1888fb7aafc

SHA512
050d2ae1945ae6f416150903c57edb04beb2a20fa3cd10084f8d79a4c98fe40d1615131f34ab333aedf75d4f4739c94349d7d7c4bc6029060a44c8cb00d1ee4e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
585e6d8c5c9eb758c4c2328b02881ee6

SHA1
1ff1f52b102de854783cec847e97bd4122a90964

SHA256
592c0bd0a79e344805976c6f056277c43ef96d317c769411769c8f1bf1f3f47b

SHA512
0461c82d117fe4eb5983e629f69018ce1c1f0b954c1bcf7354436a2328de4dcc41bfee773eba6e5ce6b1e37746af0796a42b3892c719d0ba15a95aca52699957

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
9e5b701bc9c2ff8d1c0b270bc408acf2

SHA1
9ca6a1f2e505495b7640ce15348e93b4a0420dc0

SHA256
dfc72cb2f52879f6a1b797fff9cdb1c869483896468a0f9572cc8f4c798e9054

SHA512
9139e8f5d407a3580f2190d1429e99940aef93733e3fbbe0673f567ca6e9c35cd552eecb892ba3de6f78dd45d0b7bde7e1dc257f23bed450e40fc0937a02ccca

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1D32.tmp
Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1E43.tmp
Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit