6b48b02b994a1d5c1492c71150e9fab2b35e6c8563e95aa85d95c7f3f1276f6d

Analysis

max time kernel
148s
max time network
149s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
25/05/2024, 21:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

733b2d343165e71a35b2d27adc52ac35_JaffaCakes118.html
Size

23KB
MD5

733b2d343165e71a35b2d27adc52ac35
SHA1

5ba15f522e991f72d2f54f2192f78a67c1055923
SHA256

6b48b02b994a1d5c1492c71150e9fab2b35e6c8563e95aa85d95c7f3f1276f6d
SHA512

2fa700a210fc114ce791d3756e76561797e9df85566abc129df8ffc78159308d1ba4fb20de5a18ed4581a7b4c8eb89a771d46c7cc7263102121b827b42ad10fa
SSDEEP

192:NG0o43lb5nSnQjLntQ/9nQieZnFnQOkrntvEnQTbnanQKanQtOMLnFnQ7XnlnQTI:M0oApQ/1F

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CE4B9521-1AD9-11EF-AF3D-DA219DA76A91} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422832691"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1716	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1716	iexplore.exe
1716	iexplore.exe
3064	IEXPLORE.EXE
3064	IEXPLORE.EXE
3064	IEXPLORE.EXE
3064	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1716 wrote to memory of 3064	1716	iexplore.exe	28
PID 1716 wrote to memory of 3064	1716	iexplore.exe	28
PID 1716 wrote to memory of 3064	1716	iexplore.exe	28
PID 1716 wrote to memory of 3064	1716	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\733b2d343165e71a35b2d27adc52ac35_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1716
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1716 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3064

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9e8400858c1b8f8b13b58a2c45320617

SHA1
66a866b04ae995e5a205383c863501a3b6f7dd3e

SHA256
f222e1c9e63268d8826d49132572d11e2a4e0cb6c762d77697e85d1594222c31

SHA512
24857e2e6628c9550b1ca6461c49eeb556814308a20f876dc7ab53cbdf48aba5998aa629c9bf9f2e68e6b459996d4b47e7dae0e15bd11bde9d45446e132d9df4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8cace386f31342fdf88aa21666692c02

SHA1
aca36859f0633d844a15b5a7547fc358801919be

SHA256
ed5beb68de1691264f341451f11ba572f8a109afdf9f4fb5d6c2c5057bbde995

SHA512
6299d0840e7003c1d6d1f022ec06e60e7ec2902c794491f53e11f10e6eae65365fb13a867e40804dc3e26a22ce0fc645d5ac736e23eaae20ed8643893e7dbe06

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1e12c5555fc35e74a071b1a246b7e553

SHA1
6c9fa1fefb0fa1d64e4a270c3c20e16cc4221bed

SHA256
320c986863be5137515f49569c0c2d7c31d79c1bc83db891b09c17ca61970b31

SHA512
04d88179d7a89fbd3f666ac2aaf0b115c654fe4f0b78d599ac3b40b9194276740709283e0e6a551ecbdba7c01488ee7ae5022f16d10914eb49d30f5bb9a318d9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2766dadf408f94964bb10cf3b054da4c

SHA1
75b145e6a13a6698f54a09e105d9bbe42c5e390f

SHA256
fa52fa34c51b1e9ace7b6b9e99e223e11ac8bf119f1c2ca53be062cb43731f9c

SHA512
8937b1784c01f36936165669e81a05f605c67a395631d615171538c7cab84d77e8868111dfc3e5950ab8a21403f0f9cd129d78ce3b86d94357a9481c69035849

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
96b042755bc5d77d022fc340d81dbda5

SHA1
2d74e611614797f78463a326f206d718ebc6ed38

SHA256
b2e7363da2a54f7a6dd72e3632bfdd48ce35d41e1532bc5bf69bc9165fb540ef

SHA512
724e46c3f7fa99c706381896f32a2383340869f85369127dd8f1dac461695f416f29caafab9a55f9d3065533b352644eff50f35b07f444144f6188fe6c92897e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7c16dc81c0754260eb0fce71a5cbff60

SHA1
6622a23ba53908cfe94c29c8be9d24a0277ef794

SHA256
11b904d241705b85540c1e0c14278b1f3316bed56be28e7539ed6f46308a0112

SHA512
e3b8b74bed125ba1aab771f6f7f7573bdf4de0420b216bfeac56e28b5c733504a879dde6c38742dbdb015e22b23406a35c2c66aa6ff733673d9dd2068b4411ea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
41c38d3fcab38f38392247ecef4eb7fc

SHA1
ff9c630bcae2493c84c4bf5e4b4e0e6e9cd01d9d

SHA256
e08466fe516080cd45f6dff9d4df76387692b440bb765c5a583a359c08d443da

SHA512
1c659fe75a47fd9549f90dac43ce1067e46aeb86b13b77be54c1b9b11de59f9bd3ea69fb734f0cda84f8b9ab1ad923a2e1de183ec03f84ea1c121278f436b580

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9d6be61569c3cbaeded69533c5a2eac7

SHA1
5bb84efbb8075bfc05846caaf6294125e7ff1755

SHA256
55e3865a4546d2ec30690601b6cbdbb598e54eb0597b1b5f5e3c10806fc23c89

SHA512
8e271a38ac84285e7e5cbb9cd910898686c8b44f63d6e8fe553bbba7a8949d310922eef00fd0fe6805eed37522bd60493c736d23256908fee44f09c62cda0e48

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
59229ef63e36b1d4d928c5831b09d49e

SHA1
a55b5c578fdd343c31321f543a700fe3ee3b07b7

SHA256
d0d2c3c0b22d4be31d82ee63b7d15cf85b2e8a6f14b7c35295c51cdabfc63291

SHA512
a5d3b61c2c2f560e387f0acfb262e106eec11e299ccd3b5b3250e908baafaf614cd0aa0efa65906994f71f66274fd48be5e346c15e51818c67507924705d1242

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab280A.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar286D.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit