09e0a9bf519076b1f116dd4ab8cee33efb65a28b8e65a09278e6b73a0823ed05

Analysis

max time kernel
150s
max time network
149s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
24/05/2024, 06:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6d9359b0972f52e12756873183dd84bf_JaffaCakes118.html
Size

53KB
MD5

6d9359b0972f52e12756873183dd84bf
SHA1

be42bbef12bb48434271af0474bbd2e8538bd7c1
SHA256

09e0a9bf519076b1f116dd4ab8cee33efb65a28b8e65a09278e6b73a0823ed05
SHA512

3772c672746896b68f58536aaa16d169b3a4602e3a5ed481b1aab48ae5d54f6273a925811cabd7e77f588968b211c96ce623c027258e2b938648e1b05dd003b2
SSDEEP

384:gbCD6GicoGFDPmekxYBvn8oXAu2IChSGH6WBlsOKIshdGbWe+qXqWjNZckpBpdPz:MOI/eqFUvn8ZRsPqXDKOIIo//tzG

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A5217EC1-1995-11EF-91CF-DEECE6B0C1A4} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422693465"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2412	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2412	iexplore.exe
2412	iexplore.exe
1300	IEXPLORE.EXE
1300	IEXPLORE.EXE
1300	IEXPLORE.EXE
1300	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2412 wrote to memory of 1300	2412	iexplore.exe	28
PID 2412 wrote to memory of 1300	2412	iexplore.exe	28
PID 2412 wrote to memory of 1300	2412	iexplore.exe	28
PID 2412 wrote to memory of 1300	2412	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6d9359b0972f52e12756873183dd84bf_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2412
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2412 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1300

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8b251fe93f67fd759ce9b953cc525b14

SHA1
597ff3826ae3378f8fe17b97a6be2f49348bb6cf

SHA256
9bb57737b43fcd4f7330f4226b2ee36df04859f3f24d329c7878e0df5526d9f2

SHA512
ffcb25a6e46556332daef6e570848c5ccc6efd9756d742ef0f2be10e5929e439ecb65d1bb43ab9a6e81ee49d7241909805804fda8d8af998506e0f7486a778a7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8110a4410df6fbbd5770948ea10518cf

SHA1
cc607f7053eaed4862ea172c177a58813c0f3cdc

SHA256
a91ff6590e7c0f5af69e51634ffa4c381be2c7df0f61cb7a70ac1584cb70080c

SHA512
375f4d34ef5fd69486ecab439aca9b3c7cfeb4b454649caef496d6c555f90243680147b9bc0a01a4375a13b1e6f9b63942a2d493679db8561136d3ed50de2841

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2c9074e863be9781b7ca9eba3506a01f

SHA1
92df4cb3b5c1ce109a7d537eb9bb43181c5c7c05

SHA256
9972acecb6490f837f86639befcda76a4486eb4ac858b30f7386514572737921

SHA512
42d694be82a2fe6e81135b0e33aebd27559fd8d3350a487fd1769bc978333aa36120ecd489b15804483defe2c908107ce71758dc8e75413f8ba8c2dcf00c1127

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1f4443ca9cd93b40841ca4eaa3485eed

SHA1
787afd6976c39df3fe7a48d05ad527904bacb0be

SHA256
931c86eb5590804681936bb51b2ca0323461522231573f3473221fb04f80874c

SHA512
5dd0c7712681670e60b6ce3366ca5c93d4201cdfe20764ed7d93fb6b64497d0ba616a770f8d19a409ca13f71a1bf17922c7cd72e5ca54b0badebebbe3df3164d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ee2f83b383a11a46e1881e3b819906f3

SHA1
af5f4ed72b0fdbc838b963e13acc68ccbed37f22

SHA256
3218c76d45d234af89c7e8ce414758b94d6272cae1753c88479297e369a9743b

SHA512
5c378143ee9210bc81cce9345be582d16f6fd9d37b51446c21fc8d42fbe637a01e11c5144b3e10b9888f619dafff9583879ab5d1fd983aad05ad101beb882c65

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
571682eb0e73e92bff17e2d1508a98cc

SHA1
dcdcefd197a8474966af9c7474ab18de9bbbcb36

SHA256
c7d1ef79d46aeca1dd98ce2f5ed57c854dc3d768c804dbd27b0fb57c184b4f37

SHA512
aef32c9ff2239c473b10de33840b2d07df3161d947a68b8bc8fbee6f8f9c68127489631dfbaa05513238b62d488b63b8aed86228d820a8288b0efa0ea46c341a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cab07ecdd80c2f2444f7974b7eaeb0de

SHA1
862b531d433a05970b21eb39c2cf7f7424dbeea4

SHA256
3554abe9ae883dd4e9c34c1f618f35842d529030f9eb54ca5c368cb783ff3cfd

SHA512
9f08fbf9176f936c9d14d8c5705a908df8effe5afd6ec48cce6bb160b62593f58ede34da9195162039142cd37c784751fb430a61bcaa21bc64d23d91d925bac3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c14f61dc27fdb42e6a6df6888c42e608

SHA1
7fe5f839693d695c55a86d9a026b5b9389f1880c

SHA256
7669815a89013590f857b33e35d225918589b660668833738b64b8f3407042e9

SHA512
c6c5a6b442e426f6ddbf1b8e1d6ab773cc5eadfa14ef70f782a316b01499846ca683661a21cafc1d53f562ecf43aa6c0b938e01ee59edae8887f8e57504313a7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
33c0c651ac35ff92ff404f126325d647

SHA1
bddd80be34d47c28ddfce1cbb180812e47e68603

SHA256
989c5db62e835e605783a29630205fea273c88271108f91262e6473cebc487d3

SHA512
4814bb744f362805ec754e8d4e8b811b6bb93f47102d9212afba79be6154d5a99740cb9f8bec0ce3e7d814a4b1be62bf8c431b510e7638a1cc40de94cf1b2ff4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5e192ccf33d96c97d47805a101506f45

SHA1
2344e2b0487c98fdda9841eaaef08dbcd63a00d1

SHA256
556e3001af9767fbcdb3de1fca5f3375a83da660bc5a1891c533911ed739bdfb

SHA512
f47634767a4fe226e2f530f2987f4f24de8b03268f47850b62fc263bc499a1bac8c3eed189dcb7f187c0bf5e8c2a085a8bc5bfc7d0a8b28781104031fa207d5d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
83e64f621c93ebdece3f7760e641b805

SHA1
aedc69baee1918214ce52e80f71f1b492218992e

SHA256
b1f32b7bc146e3d434bb466116582a9fabf4e57c61133b6bb1ff5d2891ba91c9

SHA512
bb09f376abdf62529d5352d0c5767ab59a6ee614b7e5210d34abb488a5ec3a65e9d6bcd6357ade3205980763e1c5112d042140df6a94299cc84164a8fa6bad9d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1509.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar155A.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit