1237db272a62b3faf63dd92162ff1eeb3253953317b9ec17ad358363ddc3f8dd

Analysis

max time kernel
150s
max time network
150s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 01:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

695a2aa8d100995a4b33fda40073dc89_JaffaCakes118.html
Size

54KB
MD5

695a2aa8d100995a4b33fda40073dc89
SHA1

41966c0b848485d1eb5d30daa80cfe4aae858bab
SHA256

1237db272a62b3faf63dd92162ff1eeb3253953317b9ec17ad358363ddc3f8dd
SHA512

2c478b7145628b2a4d6af318f1a4cd85ba935ec3eaa44d6bd57243b3068b947b2a1b6fc263b5c2b0c88bf8702d28bc35c2a4e8f6c170b892bacbc34dc9ac1388
SSDEEP

1536:hDtkL3dQsT+lPv/VPs0S5UMFsbpuPTXbkkucyQqyZQjdP0HUt:l23dQsT+lPv/VPsbIQqyZQjdP00t

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2356E8B1-18A7-11EF-B5E8-DE62917EBCA6} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422591028"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

2940 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2940 iexplore.exe
2940 iexplore.exe
2532 IEXPLORE.EXE
2532 IEXPLORE.EXE
2532 IEXPLORE.EXE
2532 IEXPLORE.EXE

pid	process
2940	iexplore.exe

pid	process
2940	iexplore.exe
2940	iexplore.exe
2532	IEXPLORE.EXE
2532	IEXPLORE.EXE
2532	IEXPLORE.EXE
2532	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 2940 wrote to memory of 2532	2940	iexplore.exe	IEXPLORE.EXE
PID 2940 wrote to memory of 2532	2940	iexplore.exe	IEXPLORE.EXE
PID 2940 wrote to memory of 2532	2940	iexplore.exe	IEXPLORE.EXE
PID 2940 wrote to memory of 2532	2940	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\695a2aa8d100995a4b33fda40073dc89_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2940

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2940 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2532

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
Filesize
252B

MD5
938640eef768029d7191fbcfb39aec94

SHA1
08a33bb6f01cad882fdaad2f831efac78aa9b4aa

SHA256
9f9f5edb56e1f9e7f9ebc2ca3254e8745833aeba14e570798a88f363854b3a4f

SHA512
530227f3e3c32f851c8a00cbe7b3677f6f82dd028490ae49f0947ef3ae5f719ad8a97c2fb430962137ec11f3d0bb8ed01dd4883062543a783e0a6fd46f717f4a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
1d4bf823efdaa5cfa17a2543dbfbb1bd

SHA1
43479945a696d445091450067681a0ed7cb45f2f

SHA256
87d8a5c4a70c575f155d58d9583fd5b651c96913236f709a40b441033c0be55e

SHA512
083975cd5af2f36ac93dbea7902269cbfa33c06ff6814f3dcfbf5180be4be45f26d66814d09428f2b00077c928d968b5682b9d02e811136c74e16a72638436b1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
ad7a3f5a6af0f73de256092e9f84d34c

SHA1
2221365d632546e65c4048aab3e2b6395374792c

SHA256
3fdcdd0308ba21eef0a77d6b0b346b52df753e40eb583458b5855e3eaf0f8db4

SHA512
dc263fb5f7f6f046cf984a2c13011e8ef62fa8caf3809e0f3dfd1545d1f5b4a8a526b002ec3eb6706e49b7ea05b82315fdc41162fd150872895a4f28e474a530

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
f4be3bb4e02376aeb4d85d31ebec87e9

SHA1
e9b18f2fee61a38836737d94b0b79904d0da3a50

SHA256
96224aef0ccc26587a98a2d3777b6234b8742c500c057bb6d7cc59f5d80dfa52

SHA512
6c820ba291385b1084c2c4c1f3a9d38e33c26391732d3027652a699575b4848e0640137c397a3840c0ba9ffcda66515b337b6ed7e428f00b540be5fae67bbac1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
779d558a09dd6d1b9212233c9580ede2

SHA1
4541a6867c755bdae828acac999dcbba240d1025

SHA256
9b2ff2cad8b907398e52d3a4c92f9170d722ac6bf01696a68a01b5eb80e6d5f0

SHA512
abd47002ba60846601a15cf4b374aa2189d2fbcda0a8ef55b817f4f460feb0edfae830ed31632f1328520bbda701c123abea2a06f43e64c8fdfedce102b4a70f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
07bab1da175c17b0d413ebddc257342b

SHA1
d8cfdbe730c800c3ccbe46ecd8f9f8f15adf72d5

SHA256
680d2ad905bbc0476c593db1b193a3f61a5a53709816a2536fe68e16aa84c670

SHA512
3daed0e77ce45914d5fea52b5c6ccca10ff0698472c3cb58d388c95b594c39c5b97ca7a7f69c90cb1d806497642b260fc9aa09e3693f84db8458e12aa0207eed

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
bacce63c9d444b4e6f8912e6e084b846

SHA1
b64d3fdedd2d88ae11620b5bcf21e7aa7e855cfb

SHA256
604241435ba7c396126caf45e349fca9d0d06d35a7a45c19524a1a0fffc175e9

SHA512
84ef5890bcc68b80028e676c46291bea313c8db09fda11356fc3f8eb4c4839364202bcda6db9d8d3d7c08271bed9abf832e4b71130c48c16a0211b8340688a0e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
31abd72ae84e134f6444020667910425

SHA1
9cc00b5d8fd64ad79f68cbd0a1ca4cad2958ee88

SHA256
e06a9771578bedf8e7f1ae3a09aaa139e04d2d280e2fdce32a0f91954cd7fd57

SHA512
195ff8066d945bff1eb14ca1b3008baff98ed8ceb7e5490dd7992fbe8702cc9e3ba43a38c22e8a5b2cd745f1419bbfc1c00c72244f9e0919c920654c413fcfed

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
32ad2b419002170fb58e2921b94d86da

SHA1
58d7bdf0910d7e20e5f77ce9862edd5989d1a13f

SHA256
aaeb6eea939528895f6cd1792a41d20b1beffefc389a46a28a47ba44444a75e0

SHA512
b46953f04e2a1f6c8a8e99fe356f844ff0efc4a790d8933981b8b89e70a3766ff3441d5ccc490c3d865db4ba1ea0b445903aae6d78cf84c46740289fae3b0b9f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
d663c16ceeb7808ead19ff48169146a6

SHA1
7fc732cbc803d383c284333691492f4c6c75ed1d

SHA256
8a0ebb7a33d0bac2143b8975dffe739370219769cf7fd97bb14ed90ca729af6d

SHA512
22aea1fea87672cda333ee98546da1764868d55ffdf5a099319da543a8d0161add942bafcc092428e98bb2e05ef77b26fe5270d1482ed6898f6a90348f5f4a1a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
ae937f759e1f1411ef07b5763b8956b4

SHA1
0e67a547e5cb51e59780b7189dcb3facdfdc12dc

SHA256
8e4ea671d0fb85ae11e68e3ede065d2c03244000161534a7d1fae2634705ddae

SHA512
cbdf8a7c8aa74ad791dbb544c0a8865257cebd080947f08824f0482267a504fb233a8aab0653cb28e0cedcf855343d5147160d42aa4791eb6c0f3e292e87ed6d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
4984d044fa75021d282164c678be51e9

SHA1
14fc17288292bf1080c0fc41602191fcb1bf4348

SHA256
736e5bfa515ed40a23ccd6619e5edf6f9149ac3b72617d529d70e8da6b86687e

SHA512
639f5a7d5f556eab591326758fae1cb3771007991b1c2ff726824d1191879a18cceadd215d9694d012338bba0578a7b05c43a51ab7e5b87cdae2fe63e2b27d2c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
1b9f5e97efa3e18ae646f7d3170fd82f

SHA1
dad48a14e958855df1fbf6d0136b190f395881fe

SHA256
7f8f86ecee55449343695255b7ac8aafa7ef83e0c710cb26843fff16a5e5985a

SHA512
384ba9a3c2ab9db51c8f0c5c45bda17f4269fc4d3ad77ac974aefea71249be0830d0d659854b478c458b29312da9473acbcb943c67049c2dc1c376e805e308b4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
Filesize
242B

MD5
026ce5483db8fd79a224cf107745e4b4

SHA1
0f52e015b11169349f15d153628d90c4598cd17f

SHA256
e5a513c400759eabcdc174232e3534c57fd23635bfb99004d671cdc0abbd519b

SHA512
79488f9444d5b20abbc55c677a05b854e33d34d771ef62d7941e059077ca2f1953ec517ae481bafa504e8db1748728dbaa4f6b2ea0278b2a788f3e9709a0ddba

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1A49.tmp
Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1B48.tmp
Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1A4C.tmp
Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1B5D.tmp
Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit