1b53f2351586ef14799ec07e9cfcc7d178db1caeff73bcbcb4f4538aa041fb6b

Analysis

max time kernel
150s
max time network
154s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 00:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

693791d46a46b6608047b407afa50240_JaffaCakes118.html
Size

155KB
MD5

693791d46a46b6608047b407afa50240
SHA1

51e75173ea35e5e1a48f40344a5daf242854f5a3
SHA256

1b53f2351586ef14799ec07e9cfcc7d178db1caeff73bcbcb4f4538aa041fb6b
SHA512

b08895f887cce1d5f44daeb8b4d6f0d239e9e2b0f9f0d8b8840f59ec864f1a24b6b466f5a91d21802ad8cebda40b51bf27e89f3d683b47c14d7fbaf632a33c8b
SSDEEP

1536:SdmPUFwcdyp+yLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusG:SduEyfkMY+BES09JXAnyrZalI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{92C799E1-189F-11EF-9F3E-D2EFD46A7D0E} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422587780"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

1544 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

1544 iexplore.exe
1544 iexplore.exe
2856 IEXPLORE.EXE
2856 IEXPLORE.EXE
2856 IEXPLORE.EXE
2856 IEXPLORE.EXE

pid	process
1544	iexplore.exe

pid	process
1544	iexplore.exe
1544	iexplore.exe
2856	IEXPLORE.EXE
2856	IEXPLORE.EXE
2856	IEXPLORE.EXE
2856	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 1544 wrote to memory of 2856	1544	iexplore.exe	IEXPLORE.EXE
PID 1544 wrote to memory of 2856	1544	iexplore.exe	IEXPLORE.EXE
PID 1544 wrote to memory of 2856	1544	iexplore.exe	IEXPLORE.EXE
PID 1544 wrote to memory of 2856	1544	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\693791d46a46b6608047b407afa50240_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1544

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1544 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2856

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
873df9b8f5d661ed865699f6ef4f1898

SHA1
b20a0b21c658993eca515a16cf2b2c0eb1999a10

SHA256
7df2b8f67e61d445af3f086f60b0c80d214ed17c7b3e7836b1cd21511705a362

SHA512
f619bcf0b1864b8cb26bb6605432d93b471274d8191cf2873a02d119ad9f9529e0bada14fe5ad4b36e2b2d223b152544b6511d41cd273e25a2be0ef4d761ab7d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
2c1a13d432db24bc7f771de3ef60c46d

SHA1
301f62f7568c7862da539fdf23ab8c08b7e650e2

SHA256
f9e45b574c63b382a9399605941d0b8e8361c3cf3abc8a320ab793e770c7d401

SHA512
bcdbe07d58fb0d58b759015b9d867d7592d371bb58bcfa2730c21d7e5abc6e6d2f6b98383ee777521bc88caa7a1afc8c7c6fa782c5dfd50edf20b53a8ea088df

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
aeee343684131d5ed06a4b738a6bef10

SHA1
17be3ad8bbe27ad6c10e475b9ef9f022c249ed15

SHA256
e10133518798748bd7cc02f2323a33d3e746dad1f5248e5e0e862301f857afa5

SHA512
c2586d34777f2b7129948e283ae09e19e2545c4a00002bd727984d94c1e75740b7570f61fb11b0f1c2182e11ab2a8c12c4f7ed11eea276297d0b174ab24e4b13

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
5068fde5eaea5857c7dd7c879c5dcb4d

SHA1
7eebb15252aa55d3f6fd39e3bce7cd66c7788843

SHA256
0aec2a564601101b44f46acbc1c261e727e8137082700090a974702cf0d8b6a6

SHA512
b57f68540fb2d835520011b1723cba29e0e4e2015bf94a027edf57cea97117357ee383caf1a1adb4a501fa58c422e4a5260f6e83c31404d321c8e2992e92caf0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
8c39669fe169e4d22b6b43c6797593d8

SHA1
83d0ec7ce112caf6dfa0d13c27b7447fcde73a93

SHA256
02558c1e919cec7d4e59fe841f18f48981d454612b4b17ebf4b42b7fcdfc39da

SHA512
f889b4a74bdb181e9a97b3653511fc5fa65d6137d959aa797a373c22c148c478d80f26281ba80b82fc6f2dee9abf55306cf277faa8691857108ede967ddc6fff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
e85cac63ab1ce8c5f71d154ad1018f74

SHA1
741d313b55aefc18ea89d292e4a359249456e166

SHA256
4ef2fb6adbe996e40c948c51fc06d4217a11c5eb40337a69853c6c98fbadfa66

SHA512
c9d155a56fa750a75acde50eefd12be8bcc648df5ceafe16dbaee46949994199980e0d6d883ac78f952dd0d2e670d0c87496ce75d5950c6c2b477a5ece026912

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
8c4c3480ae3890cb32ea02ed18231104

SHA1
475f7a8fa3dfb5d7f0db923825b1e466e4bb0a30

SHA256
6ac5d70977fdafbd5ed8bd24cf1deeef57db77b14ec4cf94e0b1c008969d3b32

SHA512
4fac6dc580587aaeb81fc116cb57ed28489dfbd88b2bf96c893cc8fc32e4deec6d62454d71422b431d7bee7a30ccb34a55a2a9dfc3c36da566ea49fb05e85559

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
c975bee781a87020600dce4d0a85d51b

SHA1
5a71ced664026524b1eb427dfc4ceb2c08d7aee3

SHA256
65e62248660798a4bfc9a53e5d1001a4ecf79c407a6d691fc8d44984d6a16833

SHA512
469b5de42b8073218b0b883e5bf5b6ecc26931bf3b562817a98326e9492344435ce1016b11dc230c695aceb33e10c2b36cfc1cf8b11dd0cec470eee057a40f03

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
1f201447d442052c608802f7635d6e4d

SHA1
7f1ef21902335126b2c9b1dcc4be589dafc35b40

SHA256
dfc457c14ba69f509d48b9ee772ebabb7103d06c88f624819cc06d5786ecb0e0

SHA512
c5399a7836cca3d3936c32f80966b3923fc657ccae5f39f62d75ce1ef87cc1c7c8b8f354ac79f54907aaedd47385f149f976135ae2e2d4b0e79235f631bef56b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
bafd4f365fad93a958a09c3159981725

SHA1
68f394a934a4da0791f79cd9069b6e456d4b86b0

SHA256
ba4889d0af2da7ea14f44fed9a07da85e5f6710c5de171a58cc044653b1279ff

SHA512
8b0bdaa5595ce05d57d9ba54596c2d1e3aad0a77fc7491b7ed10768bad2299dddc6e7491f2e6e00b6f8b0df38962cbb14564dbdf584af0244d80d503b0a46438

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
4617d52c633415ac448514eae0977303

SHA1
20347186fff4ad288486780b553afafc5235a37f

SHA256
07e76259c26b3d53116eef3b787535c8065a7ed2043895e6ba54d471173674ba

SHA512
ba209c7defb1debcba3e0429930752c86a51fd82b852a73bc16ec2c18710f6ef9488c2867abc47c2155fa23b9b5acd38ddf0b01029deb45a2ab0de6e07e86424

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
5007d99bc622e9c16f350174a5fecfb2

SHA1
086911cb41996aae3cc176f5af1d263a2d971455

SHA256
93b79164a9aef1d9df40384fabe9445285e7d5123d8851bf1e35d8d98e279b9f

SHA512
3d53f34300f2815b5fd423e108cf8f0407c9be96053637bd36445cf689ea2a5679ef46f3e066ad6e61701a76a9640c642a0b0958e470e5375f6dcbe6278bafa2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab8B01.tmp
Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab8BEF.tmp
Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar8C22.tmp
Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit