4db191d6d27288e34b7d22e82c5532ae0d867cbdb46d2f1f0a9a2b225a30085e

Analysis

max time kernel
141s
max time network
145s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 01:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

693b0d63416b39e9ed0d7f54effaf758_JaffaCakes118.html
Size

62KB
MD5

693b0d63416b39e9ed0d7f54effaf758
SHA1

06e17e53ab2720c9c830d6b1c18fae5855b333dc
SHA256

4db191d6d27288e34b7d22e82c5532ae0d867cbdb46d2f1f0a9a2b225a30085e
SHA512

0323d370c65bed1b6459488dad30d82992d84e142567a00ec025b26464b89c6baa105b60b6e3aefaf0f4b902b6f65f83a2bfb8ce82c2ad18a4131162a01c8af4
SSDEEP

768:rhy1StJi8FEwMrLtzcbzm9rA4I8XiNEdiM06U59nqjr8nvdIJP1q29D35Et:VJi8FE76qdAJdNED8nCP1Ot

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422588110"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{580EC661-18A0-11EF-AB01-4E87F544447C} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

1532 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

1532 iexplore.exe
1532 iexplore.exe
2704 IEXPLORE.EXE
2704 IEXPLORE.EXE
2704 IEXPLORE.EXE
2704 IEXPLORE.EXE

pid	process
1532	iexplore.exe

pid	process
1532	iexplore.exe
1532	iexplore.exe
2704	IEXPLORE.EXE
2704	IEXPLORE.EXE
2704	IEXPLORE.EXE
2704	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 1532 wrote to memory of 2704	1532	iexplore.exe	IEXPLORE.EXE
PID 1532 wrote to memory of 2704	1532	iexplore.exe	IEXPLORE.EXE
PID 1532 wrote to memory of 2704	1532	iexplore.exe	IEXPLORE.EXE
PID 1532 wrote to memory of 2704	1532	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\693b0d63416b39e9ed0d7f54effaf758_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1532

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1532 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2704

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
565f24ed922c71b57ea02c3d5a46908d

SHA1
e7e2b43912b52d6e65f1ea299fe6fedfba051f64

SHA256
ee24bb717da1d9e73ba0b55284da90a58bfcaaa61d0ae56d14c7ff9f257bbe11

SHA512
e79cbd7a36223f4dba33ca9f20ddc30e6e8071c76f239b2a2766c1705f7ce621987329dbda6d4d2c1ef5273a89b4e560e43f589c171e76c62a2cb23f66bf44f2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bcc53a400565d8390b0f850df294fa56

SHA1
028aaa9f82cc4b664c3df32b6cdfb9bb8ab88d66

SHA256
b69c08b762314ce39adf75e3813a55d672c5f8e0d34748902eb4023c2380713b

SHA512
e71584beb858e0675f1148ec11dd5b835fbeabec1ca2ca2833a4f409ae6dd2bed1699f93a7de50f58ed24e6ae3864ba2b7e5981561c879f32263e96b89dfc83e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
423e0f02d1293902486a3b0d444787c2

SHA1
6f0415e5a986eba1d756cc9f08a29f5c8d1c1db9

SHA256
dad4074aaa050278fbc41ceade24e77561917a08f16c21831464663cecad9941

SHA512
4c0061670d4a6b3923b49fbb679a5c9406b70d4bbef58d90196afe291706809304e9ba27a2a74b90ce3e3f934e16e2c9f0625cd3d1bbd43dd114ea39b2e8183c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9d4cf1f8dacd8230a8e71c97337ca711

SHA1
6c6a455a9625bdb2463d60d0d07361f545c1b81e

SHA256
bae99a90f7dd3788ab59544abcf7a1d204690da6b3b5becf142dd18b41301106

SHA512
2ed8b0b0925aba64c754f310a03bf3dba7f8d9bcd5fc1f3d028199b3c528cbb8baacf134b868ffcff70834ee48d7777fb9a62d3daef80098814cad602a0b6372

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6e724002f25aba2ab8cd4e159d556211

SHA1
88a78c85a249f199c5da427c6e64dda04879f9d5

SHA256
f7250c78a716349187210c085c39907df93832163839f0c715d091366f6331f1

SHA512
ad9caa66cedf4a97289786100f48693efc4dd6cc3be03faa5bf19c759262ac8ab2b56772a587c40a6b845097fb2534712636a967b9c02a37bb2cc2a9f3fe5a96

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4636b37fcffee89f91c4180bfc60fce5

SHA1
be0ba78a55f2ddc83bec2ea100ade78cc6972ba8

SHA256
2a9ec572bcf0c8e93073627cefd18a4ce716703e1de558c46070275e9a48767d

SHA512
90b908734d6ab911ba5afc14f00e43c9761318ba571b14d476ea0693172e829f2f8cd8592e8c2ea9e82e0791a31f78b8439a352a69c48f332d238e77a2873f24

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ef6f661daac4e46c267c61ab32986449

SHA1
792f2cc22f37a4936e81b4170db7d082cbdff12f

SHA256
ad77098d3a1a04a659a8021ccd3e43c0fb26b92d3e21115b44b934ad54e47d9b

SHA512
0be0136f7a1e8113ad3f623ec6fdd7686a87aca89556c6284a17a3790f7917f9b1b6548863f1571e3530d5c9a7621fa1b000d8bec33caad35df7e7bb3eea29c3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7bb9c0d9737edc6fc4071f89a5a02583

SHA1
ded5fae528c61ebf0ef395625e72f9b7c42faf37

SHA256
e0a1ce03448cdd8fb7580e7c6072d6d65214e807f7674b49fe8e0a2c0638db42

SHA512
4d4d29b12d0a3e2b57411d9733640bb97ae1d3a76662aad0681bd1ab207f24cda3afe1707a074025fc9f0c1333b0c3f0abef7cc8e90a58c034fb27c977a6d71a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7e709f2f64d8fad1c849aab6cb2264db

SHA1
2ec9e99272eef42f5d07c2d876d59ceedcf20287

SHA256
f115d402111e20742e58542022be5d8c91acebe20cd90a1243924a155e37387f

SHA512
238632c9ae19bce9da3b79896ef7b934733127997283590048a42d91453bdec413edf39b5b7c31f5ce8310498a5742f97ac8a9d6b9bf8fab1bd93b1f515c62c0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8a4bf5a4a4226659005f66f8a133d46a

SHA1
6933fbf780ebe97649ebb0d740a5dc36af85bb54

SHA256
9c9707a5c772fd5b5354d5a98a888a92df502a89a8aac3a6b69e190dd2fda529

SHA512
d3f17bea25ddc18e71731fc3e82249a4c27cbd8e1e5ecdf0575721c48a88f6686f63bb5a89694348e4d64de6630f9d6c7a7d68327f5a87847ce610c3820981c8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
13fa581b005c54284a691137619a2233

SHA1
7cde996c015677ea900981d0ff4d5e247473ebe1

SHA256
3f1be490615c3cd0907deda92a35ecd28b9bb5d166f5662f69a63253deb4aa54

SHA512
cd9601c65fc323da3ebe4b0e8ba01d6ee7799ddc6d2e3484c0c6c39eef30b3b634a2250935790b33b490a1bd3f8b0303a71b5ef0b364c70d15a4791a49e08ef4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9e376b35859390601f3d39985302bebc

SHA1
dfc59fc2726a5965b518606438467f8c40f50e2a

SHA256
f8c73b46d9cec4e790bc79d30b0a1d388163718eaae7f348292e03418b1342cc

SHA512
a2fb79b8bafcb7c24b43a703a4c6b13fc904134792a9edcd36584b0d1f6852c54fe7814f711e0c607a53f041cfe43bc790a1eb216f064429744558bc41f39c2f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5fce98481183ba49a166033e4176b523

SHA1
0fe0cc17182586ef421d318f9c8cd149df451e3d

SHA256
2ef8ac371d8caa380f3dafd1e6c0d5813a6a2d611c84b93b001cf9a34a8df0f5

SHA512
879e15b596f068fe326e98e90ee37697f57c8c44940fdcff70ad95fcc540362c38cc4d6fa28c82e2aaf2f1225263470b7e32eac0b95c83fbcff7ab4d78c58474

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
58b7daaf67ded9a5e4456ffa2fbe8514

SHA1
f6f01913a368c806b191aa73603891a8e2aab78e

SHA256
07c43afee0296666906fa356ad737deb8d1ac010e5f91bcfcec3badee71da654

SHA512
809626ab43bbbbc9716545795457c92da190bf44f82d7924fffa0913b824cb3664696c77a247c2cd1ef121b264f1773e8cbf4630d88bd54d9f09d813d65e4cc7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab26F3.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2725.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit