53696ed0c0dace5240b9ad3c703d89b289eec42011963852333eb5c2d8b9ba11

Analysis

max time kernel
149s
max time network
150s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
24/05/2024, 16:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6f206925f02d8783189b36b8da0951d3_JaffaCakes118.html
Size

27KB
MD5

6f206925f02d8783189b36b8da0951d3
SHA1

0fd3d079aa29733215613cc9795472c27218281f
SHA256

53696ed0c0dace5240b9ad3c703d89b289eec42011963852333eb5c2d8b9ba11
SHA512

fc30aae553527d563db0bebd2fbbbc2d6c6347c531351e661c34ea864b6d2e388d10d9b80609e73fd4d95c660ac0b155dd161fe3c2a688913bb0c6596186f8d7
SSDEEP

768:bZ56Ez26L+hdFRKT2MpOi7aV/FWU7z4W6lnuS/d707olBDabMru2Kh2vha8C+DK0:bZ56Ez26L+hdFRKT2MpOi7aV/FWU7z4R

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 31 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422729984"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{AB91DE81-19EA-11EF-AB14-E299A69EE862} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2860	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2860	iexplore.exe
2860	iexplore.exe
1688	IEXPLORE.EXE
1688	IEXPLORE.EXE
1688	IEXPLORE.EXE
1688	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2860 wrote to memory of 1688	2860	iexplore.exe	28
PID 2860 wrote to memory of 1688	2860	iexplore.exe	28
PID 2860 wrote to memory of 1688	2860	iexplore.exe	28
PID 2860 wrote to memory of 1688	2860	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6f206925f02d8783189b36b8da0951d3_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2860
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2860 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1688

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c01d26d2f4c2cbba792b9761d73a3545

SHA1
3889ea0dc2c9cd487c50e5255e0e5c6f2032e63b

SHA256
3784b25032a7caf232b5f5c59355418eae2bf3f1b9a8f4cf0db7c5c16b404531

SHA512
1702ee2d150523e3d35addc109ffab2b29c3e86dde6d198e9de9ac99019e5b113c2ecfcf222f95ab97d58383255b38aba6d656e7c6c00aea38967ac1d34a766d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2c5304404b8ff671cadeb59485f449da

SHA1
c22222cd72afde038f2619960deddbca5070f142

SHA256
fd93f9bc5e7f51120d65eb58b388eba63fc3cc75ca2715097d70399715da4ae0

SHA512
02f0b69721c4295ef98dfacc7c6d8af258ff503ffd65d4dee5c4b82d73efed68e54c6ba967e73e9f5a1e4f9c9bbf4d89326fb70fa70ebeb20ee0e7d12f5b2eca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cdf8c3bd88fe70b4a0d89f2c57ac1204

SHA1
bf81dd0d56a73cfce5687848adb7cff82c0a1478

SHA256
1321e4c131b39f9fba8344499f8bd822dcb8c68bc40550c6cee6031cc3e782af

SHA512
8ee34ed2c92fe3c77b03e724e1017e9bfe0f006cd9b53acf6aa2f094859bb6ee39af6b180a9fcc94d1b41b76380ad9a4fa7ff9ee4a112793ee4901afeb6edeaa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ed9758b3599958cbce8117e1d9a7739d

SHA1
182e50f193d1033ed2e233045a66e118c04e8c3b

SHA256
ee860f57b22709946e2fe1ee9f4f08f4e44b9c04799e3518e671132e94c32f72

SHA512
0f583dde55d13d747aeba53c8471d6880e9bfc41947199da6f91b88db73ed2f830c2dd6f30f9033d258ce5ca3d4e77f4978d08d5028f154a6dc36c3508a1b567

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9ac1ba7c7d02d751b86d19c6c836345c

SHA1
222fcd42c019afb68f4751acdcd4a5dba874e915

SHA256
06bd3a5b8fea7469a7cdc98e66fa92fd8907f0e6a71464f611f9afe0b797c78a

SHA512
b0c722ac7f89ecea6f959f6b06fe551288925b221b430d103070583e000f401687a4d75bd7ff11f677b6ec97d0124fa0f1ecff8d83a9e1fc8b222aa94ac24775

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bc0f049facf2e086928b34ee2e3c04e2

SHA1
309fff7b6d716dd78b6557a4b513fdb3dec7799d

SHA256
a2e88d3dde68068f2bcdb1b2fb411829e7cd6e4ebf840349e16b7d229de4a985

SHA512
dea514a6bdf749fb2fe6cfff0fb7d46a108ebf007a63911411da77fc03416fac23ec68c68af4e9b8ce86f38465c0462a3704e3e5926208362cc4eeeb6ee166d7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d07627c508ab60bc517c7a2edbfe59e3

SHA1
3dd313a823076d376e927a858c40d74226ace2c1

SHA256
be9a48f5cd8b4a48763f03c3583ab655ae6ffeb23e26f8bf9d4c44abd49e10b8

SHA512
dc91c819af8cfc5c140deab5d819c1a9226ad2d675305b04058ab97736bc08cfa64fe02784dbe5ab4e95682b20b35e22c0fdde618b43deab5e37a5846c21b971

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d8ecc488771cd70c3ec7a561bb4a2199

SHA1
007e9ee98c7c40db559ce6b55ba8a74b4e3b82d8

SHA256
13276d36605d79d78916d181ca4dae0e5c039cecfdd35a90974c6c7ce1219313

SHA512
9cd7ee7ca2a4ffe5f831ac354c7629e5ede7bddea13617a1662f0d281100bcea7638bf143051258850deb4536aa6f02524d6c1907328ea07b7ffb38fe0b17abb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab10D4.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar11B6.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit