748da5641a6d96962ef7bee025dd78e8a1f0a5e0be1cedb5c069e5522e0a770d

Analysis

max time kernel
149s
max time network
150s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 01:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6940846b848df2e8ac65516ae5af0d19_JaffaCakes118.html
Size

26KB
MD5

6940846b848df2e8ac65516ae5af0d19
SHA1

b7d0c34b06bd8ca7d83fd19e26c7af9189af694d
SHA256

748da5641a6d96962ef7bee025dd78e8a1f0a5e0be1cedb5c069e5522e0a770d
SHA512

bb3603ae66087f780162f8402aecb71f2bbfdb55570f7b4fc6dafae3f83348e5f5467a6b23274c5211b8cbd5f725325888232e0d409ca2040100a4aa9832a631
SSDEEP

768:AIiYbVIGhro02WnBv/4c/iq8nxQK9Qt+fZZ:AIiYbVIYro0fHz1uQK9Qt+BZ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{AC695441-18A1-11EF-9911-62ABD1C114F0} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422588681"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

2748 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2748 iexplore.exe
2748 iexplore.exe
2560 IEXPLORE.EXE
2560 IEXPLORE.EXE
2560 IEXPLORE.EXE
2560 IEXPLORE.EXE

pid	process
2748	iexplore.exe

pid	process
2748	iexplore.exe
2748	iexplore.exe
2560	IEXPLORE.EXE
2560	IEXPLORE.EXE
2560	IEXPLORE.EXE
2560	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 2748 wrote to memory of 2560	2748	iexplore.exe	IEXPLORE.EXE
PID 2748 wrote to memory of 2560	2748	iexplore.exe	IEXPLORE.EXE
PID 2748 wrote to memory of 2560	2748	iexplore.exe	IEXPLORE.EXE
PID 2748 wrote to memory of 2560	2748	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6940846b848df2e8ac65516ae5af0d19_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2748

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2748 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2560

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
c0393f4ded08a83dd01c1c8ef18952c8

SHA1
98e36d05475d0ac2c82825a2c6b561e9cc87787c

SHA256
84326406da2b8dfa8b179f89c3b6c38313c80b6093014705ed6af2ff5a63fc23

SHA512
81650784776012546eefc082ea35ebe8fc3154a6c8717aad658556074a1d4ee401f612c1464e9ff4371fa1a41e127651a37a0eb6f2fcd87f9579019bc566b923

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
97525e099f244f088aeeb2e68572b6b5

SHA1
14811b6a24d5cf65dad5981e2780b99ebc5f9d69

SHA256
0af8c3b9b816b0cf90423986287b64b2fa787c93e2f003d70fbe345f29abb0cb

SHA512
3330cd25df29a86222e43cb7f557e8008e364ce7abf7cc3e764b311c321b6defb89d1743a90575e24e16e0f5f4e079c358cbcb70d58e722b3319e9d346bf5903

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2ad265b85f852d110483e674619ae59b

SHA1
de2c327ec4214c7f1ffa21f5bf284d4d6025b29b

SHA256
c1c73d8d9d3c267a9ad6feff3fef232d370f156e328c2a2f24830f3337acc3d9

SHA512
1e3c7ef98102aa4131c8611a282a4e41420bf37d00c87355a8896e593f5d801a72da5a07a9735d90f9050f476a663671b96a09653c0dc13dd3e2ac5225479ccb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
44e10695e5acf418a6e971860a9ac04a

SHA1
d7002f19a4c692fe097c9839fd56722c5fed0286

SHA256
4016453f24d01c9ea2378be938c7c514b97269162458e63ea2d92c4495601042

SHA512
14ee42ee939c6d0f64ef3deae63a7094f8c2317ac87a8f235c1accbd82521697671f94d0c238464f3e5bcad5cb47cf5f4926338a552327067b6d15eacf9772b6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
41baeb7e3457c563d748a895fb1763ed

SHA1
b0d08d0edaeb1eb34445f98cb29c5500ca0fd5a2

SHA256
a74cdfb8590b413318555f893e72bda545bcdc8ec73e7b59b80b4b7d97cfbc06

SHA512
940906b7bd4fe96d6d5c8f19369aa90b37cbd412f822ec0fc90e0b4074c7339717bcf3dcae7d9157448b0b54ed26676eb859bfe12e5b118ea0a5c57dcf3aa3cf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
88b11dea5a7fd1800728c187f2b7f555

SHA1
bb9ec2bf4c132c21c7cd5f08a0a5db296374b617

SHA256
a51b50a7c39e38ed09dd042273fbfe1389bf43411cc7e4f167014c144471f552

SHA512
e4ced49eeca07aa2e2f28d09c8c70414af8b8bbb0fdca64c5958217c397bd08e0003eb47037dc079183ef3c2dc65fbeaabc7bb0ea987d85359b428d8e6c7deec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9eb060a62d309ab46e766c106ee9837b

SHA1
8ef2d5acb9639476ec2de03f3b2f31457fcca755

SHA256
d1c6542d6cb7aa31ee5cb5de7dd2856d71a99b8433ec519e761bd0c95a54e00f

SHA512
aaf7d8cd66ff15594bc594a4d728c3bb80a5bb430225dd04e56ad65d5822f19a904f6f78b2405996cc50859b61ff7db56c96916f928ac63df06aeb695c0a9ec6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8c4a967188c86b8331efe694bf89cdbe

SHA1
106de3fa2e1ff5642b2a6e71d526a41b52fe3035

SHA256
879c2b2652eca1c5ed20c78bd10486feb7ba39d543c76ef2f93241808bb3e916

SHA512
7eaf0b386d866cb1b459ba8edd77f6d27b6e83506ef4630bd8175cc6c1d3e497e50df7e613599aa709922d0ff7fed93c70cfcb279717f45b0f383ffea7c8e74e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b905fa671d03cd6d6cbbc21a83e9d33d

SHA1
75962479bd5b658be6c63a61123842dac9b7f593

SHA256
5e2a4f8b68b28ce6fc5a4dfc9d0891803e2769cedaf8ebb65baef0bd8fce33db

SHA512
ab5cea6e122c67e7125a75f80987d712c9fe32420955c685060e92d4430012a4849694fbdd8a7480b22db709813cd922e9bff8560252732a95267e0091ce2702

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f1cbbb248bf4d8cebe9f457297cee721

SHA1
9d0e94db4e906063e221389826c67e20081aec17

SHA256
4e36efab2ab125dc1a5080cee75668269a068a362963d5c61de9bed1badcbeed

SHA512
b32bcbf0ab35a7beb3581dd0f4733df43d75ca185db79dbc927f9ddc3b76d93fbd134ad197ec8f4aad072712f007b6939e92fa402896f8046026ce5c57c3098c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cd7e7ad7e212a870964d358958733fb5

SHA1
b24f7e06498aa78a89fce4bcd9d5fd04fa0ee5c1

SHA256
7058bd193db49de353007b8db99f316803cdaf3c66752bb7fda1ec91f9af47d2

SHA512
2c6ce104a2b8cc1c33186519ad22c0358e4d953b3b31db38d4bce7a44b060654147802024469686ec34f63e049e9e99ff83af0f79755ddd606d54b01ca925f3b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
275a237dcdf84844037a9ffc7bc1849b

SHA1
ff3e522da1f891f8d480c529574b1417b744a74c

SHA256
7efea85a56e3e5ed95a8940ee7fa256ef9466761721dabce2a096bcf33c24af9

SHA512
12e1965964d66f9e9a6fe567e059a4660452778c50595d55f96570d0e65e3fb89d1a3a2ba566cee308e821545a98d11913b1d0e3766283a50ee4c7d661e39577

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
531ab086a5b2616eb524c14fa8850e4f

SHA1
9b2eac8e7d38df54cc1fd57640689eb368e5fb17

SHA256
41d8a65da2359aad5e82d7c9b86d55bff076806ef2954b6073be66ca2f10240e

SHA512
125a63cbd7b8279411ca22f230dcb10f8df2b21e192f408d8efbc8f8f6b0a153fad44932516c248f49d2224862c81ffa1cf08c5c10f80ea8b0f3f13df420b4f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar715.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit