ad86d5f7446fe7c355a53476fd0d1635e882957387a2ed54853f571c8e940ad7

Analysis

max time kernel
150s
max time network
151s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 01:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

693eae294d4aba7a4ca36ecc3d4f3cba_JaffaCakes118.html
Size

30KB
MD5

693eae294d4aba7a4ca36ecc3d4f3cba
SHA1

362fc6b7fd17ade038862337ce831b312b3d95b5
SHA256

ad86d5f7446fe7c355a53476fd0d1635e882957387a2ed54853f571c8e940ad7
SHA512

abea8b3bab3c52916115daab93f0d4e1feb855ca30a56b2d9897cd47bd43b0342588fcc69540d93e6eaeb3232f1eb3f554a98c9dcd166ba3ada793ee878e1f15
SSDEEP

384:SKR4xkE/U4O4pBqcGD54X26flMxanDagQSbkye9BPCbbKsc45FJZFDu:SKRzUB9BdflMxqagQSBKh45fS

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422588485"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{379B61D1-18A1-11EF-8A46-EA263619F6CB} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

1652 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

1652 iexplore.exe
1652 iexplore.exe
2184 IEXPLORE.EXE
2184 IEXPLORE.EXE
2184 IEXPLORE.EXE
2184 IEXPLORE.EXE

pid	process
1652	iexplore.exe

pid	process
1652	iexplore.exe
1652	iexplore.exe
2184	IEXPLORE.EXE
2184	IEXPLORE.EXE
2184	IEXPLORE.EXE
2184	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 1652 wrote to memory of 2184	1652	iexplore.exe	IEXPLORE.EXE
PID 1652 wrote to memory of 2184	1652	iexplore.exe	IEXPLORE.EXE
PID 1652 wrote to memory of 2184	1652	iexplore.exe	IEXPLORE.EXE
PID 1652 wrote to memory of 2184	1652	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\693eae294d4aba7a4ca36ecc3d4f3cba_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1652

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1652 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2184

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
31984f7d997837ecc31ef592b2747d1c

SHA1
43a13e1cddebe746e601372dcf72292daa8c55e9

SHA256
e56a92c79579145ea3f47d240e56aa71d3806cb4acaa42ad4c8431a1ed97d481

SHA512
29ef72ea9ae20bd6dc34a4cf415406f713d2b16115748adc4cea5ab1940a7b7a102f12c201318acedb9358501bc8e5ad266d9406343eb62f7bb487ec70ff1c97

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8f2fc9e614a4801d61265849006368d2

SHA1
febfacd2ea7483fd5ac8ab1da7bd3565641566ae

SHA256
843c9c401cc8ff31b6d5c6371533e2a92f8f224ad072531e22fa00e6941d9b24

SHA512
962361a75c2310a4299975f317810724d38976dae24b0e225ffdd939cd00dabeb037acc7fd29b820ce27006f0bbfa28ba7a19d0dbd9c77a2431e8b31b4a49001

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
16e29fd2fbc1020b31b2e6c9dd5bd642

SHA1
66a8bd5b2cc4c4547a700f8fec596869b097b57f

SHA256
ebfce3521c12e91e31d9ae72ae9e9e2e7f72a89ebf190dd9e3eaeac1fc45aed9

SHA512
e6094e7935f23669664a39a6b453ec5d98907e2379fd320510015fe988cf4e7254a100d17866d7e9ed161bee0a6a674e492e7f5ab47b080f7f9edc0bc139329c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6b74ad7c93a7d0de12d90d3e3568d134

SHA1
c4f4d2cd1878abeb8074fb5ccc82a28e306f4e1a

SHA256
843eae29ba8551200265833e5da2b2fc9fb09f155f5cbc25d3796dda94bc9808

SHA512
71c342427110d0aa22d64a9c0f94b32c0f3b8f60034a5a48564e9b95ddf741c28b772cfeb485e5f8ad9ba8377935cdc0e56bd5a11f0f23803ac8244d63172145

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d6abddf7b42bb530a65a419870fe9c2f

SHA1
058675eb889abdf41fec599c5c7dd359ef576af9

SHA256
2f5a4a297383046baa162477c2704d0fdf7996bd378324cb8aa030cbc7636f51

SHA512
23989a52dfba50c312a40d172c3768ddb5d6eb95fbf5aac1cb63e635dba06d64a543d488a344eca41569503e988d9de62aa4f3eae624c38b8afff06485aa17ee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ef20177f4a704d84765b15b73f174e2b

SHA1
f02b1f30adcc528bb97e93a03226328012d23f0d

SHA256
aeb73b90278c1ad67b91221aba40cf43fe0fad2b6f571eea4c0458ba18cea9a1

SHA512
3a02c44e467e35abcbad9eaaffa1d30dd248e808cee5e113eef57eac8c310670adc82df53caf86ca4ed60a6c8a67d763d53631bf2f9343a93001a176369d9e35

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8e4da90eb850b7304b3f5df720a74fab

SHA1
c328717e4e2a0abb2a81c8099a152bf77f52319a

SHA256
f2a551641e7d12055d42613a753143bf4dc86791f953b07215d6be63c4b1c5d0

SHA512
a7d78f06d91b7e9bca001008c5774f76745ed57f82145ef0ee39eb23eabfb742b43e7a91799da79377bae06829247ab0df534a4a011e1cb42375b7b3818507ef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
98bb9e509d43637a78cab4649bb4b225

SHA1
44e625cb54b1507020f3479aee79ee4c819bc1e8

SHA256
81937d68e818eef2dfe508c6b35be38eea294a2c1e045b510aa853d7656862e7

SHA512
0e4519ba79984cf532f1ce76703fe98e06427d2eab780e88974552fd0995e2f50ecf1014d243b97002862555e2da459e225a42f1f2e225f0777210057d5e22df

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1EC9.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1FBA.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit