e2478197b3fa4f03190e486e1056ee016d501487bafb30e1fc19cd582fe0d4e2

Analysis

max time kernel
148s
max time network
154s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 02:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

696e2a9d54c0149aee63d3108dca6fa4_JaffaCakes118.html
Size

18KB
MD5

696e2a9d54c0149aee63d3108dca6fa4
SHA1

b22fad20f2fffda55bbb3ac67e353c9dc826128b
SHA256

e2478197b3fa4f03190e486e1056ee016d501487bafb30e1fc19cd582fe0d4e2
SHA512

b182e629aa2a6052ecea17c0e4a97dd7f64239bfbb19baa6d35b568d19b8bdfc0401a3cdc23d22597094c64f38a063ceb6f1b4efa73215da793ce7483b1c8fad
SSDEEP

192:SIM3t0I5fo9cOQivXQWxZxdkVSoAIb4nzUnjBhRr82qDB8:SIMd0I5nO9HhsvRQxDB8

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422592754"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{27A85441-18AB-11EF-9966-EA483E0BCDAF} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

2164 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2164 iexplore.exe
2164 iexplore.exe
2528 IEXPLORE.EXE
2528 IEXPLORE.EXE
2528 IEXPLORE.EXE
2528 IEXPLORE.EXE

pid	process
2164	iexplore.exe

pid	process
2164	iexplore.exe
2164	iexplore.exe
2528	IEXPLORE.EXE
2528	IEXPLORE.EXE
2528	IEXPLORE.EXE
2528	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 2164 wrote to memory of 2528	2164	iexplore.exe	IEXPLORE.EXE
PID 2164 wrote to memory of 2528	2164	iexplore.exe	IEXPLORE.EXE
PID 2164 wrote to memory of 2528	2164	iexplore.exe	IEXPLORE.EXE
PID 2164 wrote to memory of 2528	2164	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\696e2a9d54c0149aee63d3108dca6fa4_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2164

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2164 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2528

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
d211fb4c64ba8269efd7f1b57a99856a

SHA1
28c08505367baab3425efb0d38d892ea610b2b40

SHA256
c5941252dac024bc7b69572287bb368e8c66261ff8f028545694f7e003538b83

SHA512
00cdcba6f7b265521b959aa1ee74dbeba92f89fd21a07a80502c503e1efabca6c4dbd280770ca38dafe052454fe8d1a35c949bcf984768c05524282597022ab8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
c8687349cc4c829b11321e9b01222122

SHA1
3980827cc7021f585d0630a9654914a4353ad873

SHA256
adfb12cee46ba9db22aeb0f5afd6f64c83b5e8cafbc86c36cb64b4ed10100787

SHA512
adbc72c573b5a4018cbaacc851ae787cead05b33092dde29bf81a8506fbd96e0768b93333a27d72e9df7b29717125dfa424a31db61817be3eeab0bdc6c015270

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
dac7bce60996dee7263ce4a971edc562

SHA1
ef4c46c7faa0a2cd52291e57bc0ec23c42f0acce

SHA256
d2f0572c3359ab805c836e61d04218d25f4d06a8bcbbb8533e2dd30119f86c29

SHA512
66162551d15195f75a5446494670cbdc68878a679b7e502e840437278dc82889044405b8bda68ba6476244b4541c50aa71829cef557614d7f529a3a40e5ff36f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
ced7f56f4054e847507949e720d63420

SHA1
f97d907ef60aeccbcefb35d9dcc10673a572c6b3

SHA256
8b27c5ad407918274e95c484523fa8b5133e9413cff5fb8aaa6fa64407f2c9f0

SHA512
45ccf15fd236416c076442268bfa11c4e56d0e1ee235d6e126d451b7402b27abdbf631909c98fc39906b867acfdffba21335c418d4b3cefa80b6b753ae80d158

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
197f4bdfa2344275d2a41b7b97163e85

SHA1
49d0f0d300c6080067a22888e8702c96c1de4a49

SHA256
c708cc966775cfe81594514167769c5df78f90a145de52e9914309338507cbf8

SHA512
c4b4c9b7840d0a8850b87376cf51e1f4038c49fbda7916b9e44d167d5b1b4b4ce6ae237991e35d4c4be7ac83422217f5e3acb9e130603fca7e29cc0f7110e0cc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
5ee997f488a545182290ece31dd90227

SHA1
ac82f4b0d1c5066105aa2c18894d755b8c1c870a

SHA256
30fdcb71467a9f06e69f063cfb02b0eb0fe90ca454240d544f9f4d6f81e2bf0c

SHA512
dbe36f2802e216a9824de5323361167e5ba109ab20f4862f46d7695f117842f665aeefc8755ee88cac6182b3d6cafabeddd103263d32275a8d74224807e632e9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
9ef29853ed6fd9287b1928c05e13b92a

SHA1
f36ab761675ab46d934437bf3d950641246f70d1

SHA256
b00d3b28fccf53152e1738eb1ccf937a91f8f9a8d5e7a291d25e959db770e321

SHA512
e0b16f02798f705adfe653594eb22ecc581ba90e94f3d2260337ad9ad6c86f9e9c367d1505b4cc8cb1ffe6b677dd7afc146cd07bb1183dfc24e30c7c41a987f9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
130a7f5150a51e216dad023c00ce76be

SHA1
59d2563b03f23345e6c3fe5c40d80b55fc35ff71

SHA256
9103fbeacb1c48eafb9eae901e502a76410f185ac140340e3bb9c0c7d4fe410f

SHA512
3bcc5e92dcfa1743314fcafb82d36806181d7cb71ff84cb56797cc28e8ee3e1ac562513af7926bbbc8ddb5ca0b680b5543849d0e63f8aed3a96562c8a0633e98

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
ee8b501d9022a266102c428a179cff92

SHA1
9776b4a2dce3f5fa8958dd263b54b946402fbc39

SHA256
636930c6887be70479eef42a4bb58d3ec7db91de1c8475dfc694730f4a406bdf

SHA512
bf28755ff3acc3f108c3c10b4ff6cdd1ad5b178afcb40fd20aefb7933cb4ee76bbb6d293682fb5d251a3456041b6d8a15795096883cfc1bb2dd8bd042a1cb0fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab259C.tmp
Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar268D.tmp
Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit