57f126369195f6c25b63beaa302b9065d9d0c3076a84a12085f592d4dc4926ed

Analysis

max time kernel
140s
max time network
140s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 18:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6bd43f0da09843c3004109d4aee3d172_JaffaCakes118.html
Size

2KB
MD5

6bd43f0da09843c3004109d4aee3d172
SHA1

757f727fa84a6874d7d58deb9cd7fe0a1d87fccd
SHA256

57f126369195f6c25b63beaa302b9065d9d0c3076a84a12085f592d4dc4926ed
SHA512

52a9a47224c64d9a0bb137309a6504f151f9b78894e5236507125fc4896148a273f5d51ec05a2249eba313c6a0918cecf00bcef1632c98b850ec63184145e6d5

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422650097"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{AB31A9D1-1930-11EF-A140-5ABF6C2465D5} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

3060 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

3060 iexplore.exe
3060 iexplore.exe
2660 IEXPLORE.EXE
2660 IEXPLORE.EXE
2660 IEXPLORE.EXE
2660 IEXPLORE.EXE

pid	process
3060	iexplore.exe

pid	process
3060	iexplore.exe
3060	iexplore.exe
2660	IEXPLORE.EXE
2660	IEXPLORE.EXE
2660	IEXPLORE.EXE
2660	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 3060 wrote to memory of 2660	3060	iexplore.exe	IEXPLORE.EXE
PID 3060 wrote to memory of 2660	3060	iexplore.exe	IEXPLORE.EXE
PID 3060 wrote to memory of 2660	3060	iexplore.exe	IEXPLORE.EXE
PID 3060 wrote to memory of 2660	3060	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6bd43f0da09843c3004109d4aee3d172_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3060

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3060 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2660

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
Filesize
252B

MD5
dd1996ae071a45d2f63a460db50413dc

SHA1
4cf8e2d20b540849a32275522de540bfcb8aea63

SHA256
fbebf232e1c39b7f8580e049dddc417b95d3e8fe2a7ef1927eeb3a5a9b43c291

SHA512
daada3ccf96addce67ecf80a184ff79b158d04aafa174757455d9bf00cfe7bb49c0daa3c5ede6cfc8779a09ac9b21145dbfa8d5583a198bfa076f0bb127be189

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
df6deacd6de8e3dbd97feb66148ed361

SHA1
5d1486e047e526a0e029c8eb355d991515c81a10

SHA256
8c866b4f6520f66171c7152f9ee4de2205944184730685cd605ca209b52c99ba

SHA512
3ba32e36282621f4ba11e5dfb9b41e8ef5cd9ac559ef551f4a7325d946969db89622fe256776fdbb407e76d53a77de6a47fc70e333a33444c14389578a4145c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
78f1e5bf019e22b1f205ef58711eacbc

SHA1
799d8e9ff9045805a8b1e3f1bb299918d6df4ec4

SHA256
3b066a1af2541fac7258f7f92fb2d02a8877365b6a7dbc75349678359225d1a6

SHA512
5f78ce1f53b2387c471467d13a61555b68f29ea680cad4bb7e2cf8342132960617952875aff8d597f8e1455370f83faff3be8aa8f9760ed3d60c2ca8fd32e3cb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
febd539516067a2d39d457b94b80c310

SHA1
c16698b4eb244532a9e060d9007fb819feb4d859

SHA256
cf174caacf1da43ea9d7ad42c37a89e2b48535b1639fc42ed138fa8c2d71a55e

SHA512
aaef67ede4450b645971e017430a0b77b5e123b0781c1e6932978a3168a9e0dc4127758804ec980662e3abbe21d603d5cea38e5f18f907be927ca38b93ba7726

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
61c684af331e72261c226e8c6490686c

SHA1
bcb3ddd199884e931042a540952703f537d74e44

SHA256
37edbd3e18bce6f292a1c335b0bff99a777cb8d047acc86bb8b06e040c66d282

SHA512
2821b619e7ea00cbdeb3efd91243f5158b310f25ec373ff3c4508c269b87aca280e63a21c097592dd786a42fedfa4c8ec69dd427a9d82cebbde4989797573273

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
6a1677c8a937990e93b9c92a7f573c69

SHA1
c8cbc40f99a5c46b6126d55ef8cfad5925700cc5

SHA256
e3831b4b77334c753a41d39522a01655e3114342c841d991c22935cab15e5348

SHA512
8193dffd4ca2041730d64f8966743ded42c815f5d5e810373f2dfa39b773562f6fca35fca6fe1e701a335e0366e1519b38171f2fefb5aa6f8a874898cf4869cb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
8c5b4dc16023ee3b12e8f8801688e1e2

SHA1
241c01eb4c766907af2c902dd3da10acdece7735

SHA256
d0f2df95f9c0dc7fb6e3adc4c5f9e8cf7a491c182cc72f2a4683ae2f07bbf491

SHA512
89d36999dde4b9520fb13803a72832f8dd9f4108eac6706f21b17bff973d23c2bc67d04df7386cb646ad4e8074c84cd873c0ed0d5da1c9a8f55fde95039d2c4a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
775d13dcd678ccf3e5ea8ad05289ecb0

SHA1
16091a39eb3fd1681c5a6899a3c1c2804d3cad9f

SHA256
c4f4bd0c4b1f1a59f718ac6b20ccfe1343da28110107a7cffbd7e7e6a76554f3

SHA512
7a157ccda2ad00edf2c637b993ff223bc0842149eb6937361903fc8def0d78772c72a82827ab3e074988967ae3a9d0248a505e69a2f9579d502eddb651520a8f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
d21e6cb22327bf55dbae243fbd5db900

SHA1
7d835e8861c37dcd90d33afabe1803a48181ed14

SHA256
c1a6b70f860a07b7c0d245b7dab2c1404fe807b6bc5da1896f4cce1c2bcd4ffb

SHA512
871d6e1492bb52711586e905ea954d80f994938de1d5865c2433cf92e7f5037924129168a360ad2b6c3e15dcbf6311f3100ca069bdb2a26c0402e05014c0b6d4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
0b1700bbe519806d96e036ca223a21e8

SHA1
4e801b0605ae70c88b24329a882d9e23cd1b45cd

SHA256
3256e36a1eca7717a88711dc4b4d2aa3b2cb70348f2cec0d4c9e384f3f11fd28

SHA512
8f17a0a2994fc333aa4fb8bf30e793699e29d990331f475f0f65c9539c3a5e080c39c673efc576d233b64b80201baae970f28791a0058a777d9e7d76d42aac8c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
Filesize
242B

MD5
3832c93e984cf9d69df67dbe647034cc

SHA1
9ff5d0a674d9722c2a7d9d91c6b3a8d7a6ac0c47

SHA256
81c4eb6b3be848cf07033834a76f118d5ec2240fcbbe78d3d6928eea98450d69

SHA512
0b3daedbdb7fe0adda4abbea6643c56683b1f607161e1ce1195a4aead0c8a906f94c4d705fdf38f19e3e986dbce8eb1c93af5412bf56d2d56d68f265fe53c604

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab197A.tmp
Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1AF5.tmp
Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit