256313ad5939f72ffa2d35f508ce8fb8c124c7c55f46185825f387f0680f6ee9

Analysis

max time kernel
149s
max time network
150s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 18:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6bde777cd1ad73b4509bad1b272d885b_JaffaCakes118.html
Size

27KB
MD5

6bde777cd1ad73b4509bad1b272d885b
SHA1

35b3c72e6a50472f8f5ecd2c2cd6e0f808b54239
SHA256

256313ad5939f72ffa2d35f508ce8fb8c124c7c55f46185825f387f0680f6ee9
SHA512

2314ed2e444246363fa0381c879d0adbc60459702917671a3d6e04cd9a4e59164ab9169f3b997a52d4254db3614c02eb58de41848fa9a36b003fe99f85ed0a12
SSDEEP

192:uwHAb5nA2nQjxn5Q/HnQie+NntnQOkEntldnQTbnZnQ9eAam6l1msQl7MBeqnYn8:pQ/HFyDmnSYba

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 31 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4844D341-1932-11EF-A585-5A451966104F} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422650790"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

2296 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2296 iexplore.exe
2296 iexplore.exe
2604 IEXPLORE.EXE
2604 IEXPLORE.EXE
2604 IEXPLORE.EXE
2604 IEXPLORE.EXE

pid	process
2296	iexplore.exe

pid	process
2296	iexplore.exe
2296	iexplore.exe
2604	IEXPLORE.EXE
2604	IEXPLORE.EXE
2604	IEXPLORE.EXE
2604	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 2296 wrote to memory of 2604	2296	iexplore.exe	IEXPLORE.EXE
PID 2296 wrote to memory of 2604	2296	iexplore.exe	IEXPLORE.EXE
PID 2296 wrote to memory of 2604	2296	iexplore.exe	IEXPLORE.EXE
PID 2296 wrote to memory of 2604	2296	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6bde777cd1ad73b4509bad1b272d885b_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2296

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2296 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2604

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
544c37307982cf1a82ed814af840c602

SHA1
225ee85bbf411d8db6cd71be0b03b77c989c06a4

SHA256
b6416fd94036ef8070ac868298ade8348a7d1e803594f7b1ae37d3a52633b1f2

SHA512
736dbc6ae09ca4a4a4ff6c1d883157c2773a29b7711e6cd88c37272b5dd655b865ea227fcc210b9efa8fcd6bf9fe58977c227305563be8cd259ca682c3b57141

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
52ccb951687fe582627add9d28d18733

SHA1
41000d541cc87e59baaad2fd1b080e40c312c1e1

SHA256
fc5f39e76cfb506090ed93b8a26a64727324e40148b63531aa8d0a3e3999dfe8

SHA512
ebcbdb776b9a46344f453b9ad3e30d43f6060e177c60cc78db608e2232de01874ab567c74709a5e90cc9f09996e87560e3fe60a5275398e3f22b08ee946b9802

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
a69adce1bee5bc52540bd06c7c7bfc02

SHA1
91042d411616b5572d150ff0f821445bb48dde03

SHA256
22b8a1d27184f201dfc2de34d059b9f9a37267ddd4bd870d03959250cdf89409

SHA512
e88fc3ccccfa698864270524e7801def130d4e3b4afd5e8407602bfe0cc20b04e3920f33bd537294399bcdaf1592bee7058c900466e1caad0cc75ec6ef2727b4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
9076318ddc6465ec530d3babeef9164a

SHA1
3871b491a6471d36f644f51c2db28ea4d15c2d0f

SHA256
2eeb536d3de17eb57c4917042dbad35b53bbfabb34aa96605dc3ae77687905bb

SHA512
7f9a20eb06b517a823c222cf815b4771698e6ecceaa05563c8ef60021201e377dd3cb743b68edfdf158510cb5c26a219c32a63ae606e1df1fdff0987edeadf12

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
1c686c4fd186e1ab999475102226b969

SHA1
70c88da47e9aa8d547f166d5eea60508b167a806

SHA256
495be5275e31e3e83f9771dfed79c0b63518f3041be52c9d60c6f55f013b034e

SHA512
0980b2b8439ec871e20f0531c6dc1a5e1eb2ec2dc66ad4410b6eab6d8924a467c5ce6a634f6d312bdae1ca926b73202f75a7f83c6f139c1752f346bd2c13bedf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
31f8cf6d596e30f2c4b4e7f076dc3a99

SHA1
9b3b3a89e7555ccf58d3e08bb573c33d9e3d89f5

SHA256
7ce35d127a629b21e3980cfe15a22d84eb8b76f19593866ab5c1e78a95901e11

SHA512
d104c518f8a360415dbc7c277577062b2b1b092301f27894894a50c8fd84697061f517e916023b6f23867225a9d356756591b3f01d89858db57f234246361da7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
fa873ed53aab6414661cce97a3cbbee4

SHA1
2a1e9dd4a0fb29005a7090cd4283ab6373e8d671

SHA256
2d4c88446397365685c47639761f15950af6511a8e3eb0594537549a5d7d0f08

SHA512
3327601d64ac29cbe0d11c062c1d9956430d9a74d78dd1936d2c715d1ff7e3f3337de6b0f45436a1c17ced74f3dbd4a72fb8fd0a2836746c131247601c8681be

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
adbab6d334651660f0cdeca8cf7e7fb0

SHA1
4310faa3aa4f2fdc0f2960068222d1b612542adc

SHA256
e1e6d8505e47182c9fb66afa0f789a3264923ad017d53b14fc86146fdc85ca2c

SHA512
02d888cc5d2c059d8f72e3aa8274b9d86e80ad9d14401c3281bb87e989acc66e491f4059e67c3787ce3990398714982589186be0869d47a907849fa7d1473a9b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
d5f005b407fb17ca5ed5d17ddf865419

SHA1
5a09f00a48dd51ed41bf04a401be9bf5595a4282

SHA256
c795b326e545d97814b9fbed921289cfc776ed021ee8db6230ab4770b9ac8690

SHA512
d8279cf4cb8983922c26d30d35fb8cce372619ced7bf95fb53d2bd64506d5f2d7a9ac6b5739b7c5bd4c2ef73423592e73d091db58d6ab01173b31d34fd0c9b09

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabF00.tmp
Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarF71.tmp
Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit