8b6b091b811a51ff84003c58abf072b484779c78094832a84165e18e910ec4eb

Analysis

max time kernel
149s
max time network
151s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 02:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6971ae717b346a20a3b5148eb067f5d5_JaffaCakes118.html
Size

18KB
MD5

6971ae717b346a20a3b5148eb067f5d5
SHA1

e8ad885271832a37a29d9f154481cb8d6add1ee8
SHA256

8b6b091b811a51ff84003c58abf072b484779c78094832a84165e18e910ec4eb
SHA512

acd1bee91aaafd17efe0ab5229bb7c77ac8c663a70864b29a509d006e2420effa3fb013d7d52eafb75ebd8d332bdc258cbbf479c1067562229ba9b9633936612
SSDEEP

192:SIM3t0I5fo9cKivXQWxZxdkVSoAIO4azUnjBhyE82qDB8:SIMd0I5nvHxsvyHxDB8

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CC9FCE11-18AB-11EF-94AD-7A58A1FDD547} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422593030"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

2240 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2240 iexplore.exe
2240 iexplore.exe
2100 IEXPLORE.EXE
2100 IEXPLORE.EXE
2100 IEXPLORE.EXE
2100 IEXPLORE.EXE

pid	process
2240	iexplore.exe

pid	process
2240	iexplore.exe
2240	iexplore.exe
2100	IEXPLORE.EXE
2100	IEXPLORE.EXE
2100	IEXPLORE.EXE
2100	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 2240 wrote to memory of 2100	2240	iexplore.exe	IEXPLORE.EXE
PID 2240 wrote to memory of 2100	2240	iexplore.exe	IEXPLORE.EXE
PID 2240 wrote to memory of 2100	2240	iexplore.exe	IEXPLORE.EXE
PID 2240 wrote to memory of 2100	2240	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6971ae717b346a20a3b5148eb067f5d5_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2240
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2240 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2100

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a41272a12cc6ac197fffe512dcce38c8

SHA1
0dd400920f093097db6a457b7b45cd543e11ae38

SHA256
a149fabcd819fcce3a9ee07c25da937a702b4bf5952107fe9b277b46b6ec2126

SHA512
07801397c66f06be1564c9574efdcb46a1d79588a4f01be77fa9e8689788f3589b0159ace211b143890e3f52a0077240425455f7c2d67055c5ee1a370ee622a9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3308545b2ad5e55c6bdc22ed68905f2c

SHA1
ef296ed2113c9cbd8fc7a07a04deeb282dbb5983

SHA256
933b0bb656a85ab21d9b28981e30aeb5077d411483d214eea3d30f2c85cba95a

SHA512
026f3464edebd8487dd230b883d2336b87d497e88b9812336726a299f8040388827d6704a67a6fe34cd0f7a3e80755834ee0f4aec4b153122b9ca7ee6704b744

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
94955c0e73bfe7b0b74f439cf381eb45

SHA1
f0b5abc12572ebcb6e831bd91841353ca681987e

SHA256
90dc8f3f7aabe7a96b6b010242cfd106a46519c7842472522fd3dc8feee1aef4

SHA512
a0e165bd57a77a352e6b5ed5470fec62f82779b9e641743c173b100c20ae9d4b21ae01b3309aeed551c375a3f3f1e1a07f68ef365fdb32ad63959fa9fd20209d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b7a92bc63792d92eee225a7409c86b56

SHA1
317107aa93c5ab146436ec963e2740dfd10c00ed

SHA256
b19c9efcb89d9acad60f36870ab451d27b785c0dca1d1edfafd21c0c72c4b348

SHA512
bd54ebef71a4981053b98675692eb692b198d00584afd511a9667d14d97ccf2366a0b0bc43f7cedda35c5791d60cd8a27898e5405f42e458d36d757356738f6d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
120d0188555ad2756a9cc344328af3b4

SHA1
5dd6e93a634942bb9306b28f7643d90a17385103

SHA256
6b9e6af5f102af7f278b3a8d364a68a35f2773f228dd9c8eadfea43ac825c9f2

SHA512
6964fa0a1f60d0fddbc7247276c809d07efcafb4e9301bfc4ea8f8c3234af7a7f7ab7b0784f3f09382ac10ebea82c0c9abedda7356757d71303a468ce1f99819

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9f00f23d5a5b8cd25fb9aecf2d0c869e

SHA1
6b2f37242a983041c1e181cb0acaf7764a08b88d

SHA256
3d741b7cf9693fdabfbd828c300a59d61f53444f3826b0f881e16dda5e8a4d8d

SHA512
40d6cd621a2eb182c3ab275ee8a1c58e6ff49a5b7203a6f261695b0fcadb8831d0f726ca842f9fa93be9e0bc25683ff43b85d29a7f3897526d74a364cea33262

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
382f658af9d620cc39b9def99a3ee045

SHA1
50430adf38b0eba43886ce65b8eba673f971dbb4

SHA256
58675ffaf4e1bec2623bbe16c62c0fd9184fa8c59058d54a2e69abb7d82957a7

SHA512
a01dd16ba8147a81ea0e5beb6053203bfb501efb817188a5c220a563b57b393bbf2f3f03778af9270b8c77202b77ecd9ed42e2e8eca0724da7ad97813e706f0e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c2bcfed75939eb5537a5c3fa9fa2d19e

SHA1
6031f8a8cdf21b22b963cd71ac78ae5608fc7dd8

SHA256
7a0641c49147c2e48b8dc0d84f35c701497d37c57557c78c08e22c7b805279d5

SHA512
b6a3968632e242bb83be93ffc4d9b5cd2ab7d257f32107ad232f89002ba2783aa0c1e61a6bc465cfa89b3a180c870970ff1f53eebb6de543ead255e467b5b3f3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7b95291231cfc659b831951406ac6159

SHA1
5100146c4fef1e207823257f8c121c8e40b19b54

SHA256
db5a07e2d6556de6e5ad4780d11ca90829d5c0229dde0f71c82038a8e271dcfe

SHA512
5e4f682bcb75609f12d26d0ee6986be90ded1040f49ac06d7716e6a37c9a9761f8e3154fd84e9a5f38490ab7ee1a7f492df7dabb9aaa0a64fd2710345e80fa37

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2655.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar26B8.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit