fbf6aa7c1e6f3dd9074ef7488154dc6afc8d7a79cc695bd5b99a4c95c6a7cc8a

Analysis

max time kernel
149s
max time network
155s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 01:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

69477064f20665e5069e7c81c7d6de65_JaffaCakes118.html
Size

19KB
MD5

69477064f20665e5069e7c81c7d6de65
SHA1

2e776ed4d0b0fee55109b474778ae655b664f752
SHA256

fbf6aa7c1e6f3dd9074ef7488154dc6afc8d7a79cc695bd5b99a4c95c6a7cc8a
SHA512

42039a5b5811cd550c108335ae6419a454e26487b4a1d6c4ce5c384891e12e0efa5835afa622e42c7371b63878cef6249a2bbad88ebbf33c32c0a2a3c73763b0
SSDEEP

192:SIM3t0I5fo9cOQivXQWxZxdkVSoAIAXTTFw41td17RgzypzUnjBhttl/82qDB8:SIMd0I5nO9H1svr2xDB8

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422589389"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{52499A91-18A3-11EF-AFF6-E61A8C993A67} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

2980 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2980 iexplore.exe
2980 iexplore.exe
1536 IEXPLORE.EXE
1536 IEXPLORE.EXE
1536 IEXPLORE.EXE
1536 IEXPLORE.EXE

pid	process
2980	iexplore.exe

pid	process
2980	iexplore.exe
2980	iexplore.exe
1536	IEXPLORE.EXE
1536	IEXPLORE.EXE
1536	IEXPLORE.EXE
1536	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 2980 wrote to memory of 1536	2980	iexplore.exe	IEXPLORE.EXE
PID 2980 wrote to memory of 1536	2980	iexplore.exe	IEXPLORE.EXE
PID 2980 wrote to memory of 1536	2980	iexplore.exe	IEXPLORE.EXE
PID 2980 wrote to memory of 1536	2980	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\69477064f20665e5069e7c81c7d6de65_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2980

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2980 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1536

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5ff751f0f5697c6c931101347a0d8aea

SHA1
e812fc177bcc234fc5802ccfca862042d8f86384

SHA256
202be1079100221c7f3bfd144cb064e38dd73e7fd976b20864b99ad97eb3a7d7

SHA512
dfa9a960f07e668e82914ac696184c80d635358f2b929b0c221cf687b799d3f19cb65f733aeb0f95663da0a1fc940722a6518151f93139bfdf09ba542a4f19e4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3dd47f023f9e80968b27218dd04c86f6

SHA1
0cbb8009230eab6b91ce540834459767e1ea0b7b

SHA256
f3be1e49ef1332647f420c176a3ad423cce5af190d9791ea75dee7e4d4141daf

SHA512
5f54f91bae07f7e360f704d6818ce1580fc1c21649b815dad8a59c3b3e4a1d48dd1eae6cd8bd4818bdffd473217d0bab3800455a6c40daf996d00016e18a923e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3b96713734b8e5d097530f60093a15d2

SHA1
de3d6dfa7f11297c4ceac1719cebcf3d98ff0cd0

SHA256
d29ea8bd4b3f287184f6cca633a9f6d91823895b7655c762730e5c32b810dbd1

SHA512
975532d97ca4b4af0623efe079926b8efce9fb839223e34c63002c5ed24d0e9625be45240079677dd7f4392a391a768e1d3328c26fb571339b10ffe6162c8aea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
74be0b18ae1a0fcf44a48e20384fa6af

SHA1
27a1c8b9de0ee0261c11a5c416dab99d56fe6268

SHA256
f050c5a28c9ebd21fcc269c9107efb940f106eab93823691cd3fc67c2fc8371f

SHA512
e4cc099627bea3f5bff0c920c31c892afdbce6b60590780b511b257c1df47b04fc7d8e1a0b00d2ebe2bbac044078ad934f473f8b0817269580a654c0bafe7255

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
69a1c7f4d815b2171315473f3a079c8d

SHA1
87b270e65268b72f427e0be8600de342e8ed2638

SHA256
26cb8dcd97522c62f34a8436584ac2511867ab35a93be108e7eed91c68d234ee

SHA512
42830e6d1fbd9453d9da0ca5d86e333161dded88b86861d775ed3208f59852e96c6d81242deea7a9fb9d66a0c883a72bf7a8dafaa93da0a5003155414aa89577

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
82c0334b3a954fec2fb8b99e97e41379

SHA1
3d6fce99e90f35570870232f1910b9376c912121

SHA256
4ba3dfd7e1d7550cbd5b8636915d36cdbaf91d535a126eba23a84e4d68f6d724

SHA512
0ec25dede37430949e8beb7f2a468356f47ce077d3cde97ef4202015204752d92477dc6653adc5ce66d54c4c5e4c843aca3845f92691e889333d1ce6706ef049

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
be9266ddaf6258485c03f1eafa308c25

SHA1
10b5fae11dfd59f3a03ae9af0cb79d01136ac654

SHA256
7b7c0d6a4774cb5f6149c2c5ab9c8982953663bf338b202ed5530fe8181713b4

SHA512
7e5b1c98f039ba1fd93683982fca7a6ba051d467a959f12d12d0ebc891419dc4d6915e814eff3027eb83acf93b96bffc89804d82568545d9e40e272bc087a2f6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4c59acc4ea4201de2e72cf6432ba84e5

SHA1
20a48770adc4b0c58bfad8c7000d7bc4123dc507

SHA256
e6375b2d0b5dc18df44ba980b911efcbe43bdd202695ac0e5eac4780a6846455

SHA512
c0d2b457c8ab33611439691a17af6d626d276719737c45398bb45eb1f0df9e16c158898bb9b50db2c42398c8b342b4943d59a9684d099042294bbbdcc32da871

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab847B.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar858E.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit