d675b4659339f5cf1156a4d325bb771719a971a9f644a53aafdf864c8ec09413

Analysis

max time kernel
149s
max time network
152s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
27/05/2024, 10:57

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

78eae73baaea721273225a3f9f4eff40_JaffaCakes118.html
Size

23KB
MD5

78eae73baaea721273225a3f9f4eff40
SHA1

c3463c840435be87186509ab2243ae1f045c69fa
SHA256

d675b4659339f5cf1156a4d325bb771719a971a9f644a53aafdf864c8ec09413
SHA512

9505d94c11c966bd813e0696b7c30ffa44a1964cc0634121d699ce11e20220fcf4e2d4ff7b87315b4bd072386f011615443312b97adb55b96755e040133b33b4
SSDEEP

192:uWXwb5n0+nQjxn5Q/7nQieiNnsnQOkEntZBnQTbnRnQ4CnQtowMBCqnYnQ7tniYa:ZQ/mkz1

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 31 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422969300"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{DDDA1041-1C17-11EF-B023-6200E4292AD7} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2788	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2788	iexplore.exe
2788	iexplore.exe
2612	IEXPLORE.EXE
2612	IEXPLORE.EXE
2612	IEXPLORE.EXE
2612	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2788 wrote to memory of 2612	2788	iexplore.exe	28
PID 2788 wrote to memory of 2612	2788	iexplore.exe	28
PID 2788 wrote to memory of 2612	2788	iexplore.exe	28
PID 2788 wrote to memory of 2612	2788	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\78eae73baaea721273225a3f9f4eff40_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2788
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2788 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2612

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
86f6fae975b86cf616b9a8a862d22e9b

SHA1
2a7ee8f440fba0968879827b83ca003a43847cef

SHA256
5221702b85be19c6d06efd04822f3bd41dc61dc28d26f3673137076d46250475

SHA512
451f0ca7b2426f3141dbee4ad26acc67196c25caef601170560b687808648218b3deef31c53fac47e3ed81ad1b6703a46ac838324570650ecc1ae0596bbb8bd5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d8b52f9536556fc317b3c5a9c77669ee

SHA1
50726d6b7f35a3272ff28ca3a474eec17a816103

SHA256
d22bf74fb2582d63fe47ce6490e67219edb86ea8dc20a76d747c4bb9da05b76f

SHA512
d45090d177aa8954d93128991d2b58a9bd7572432c513662a85a4da84c96de547ff1ac7f7e61225d246f4dc7ec228665f825f5d8f8a11f548e5b8fc10e2fbf5e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
233ee1bb2a5ec3af48856c5a004fe576

SHA1
568bd4680be337f80ac2e5ee99b78de3825b3f98

SHA256
4217df05988a2b32912f86fc6453d73b85f0f5a119ee9863fdff45a4423440e3

SHA512
648fb1d82a0a3e36bf61d71b2bdde850de8e9c0ec46bb0abf51564e9ac9ebdf13b8f7eab601a0232a6c898af4c0c88ce0905efce4f34e5fceb5ec7240f3e8414

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
faab1155d3756bb17f66608f2ed7fab9

SHA1
9956bf1bd04f62ae921e246b20230b5e6119e66b

SHA256
f3dad76c0485f7a5e4e6ebfc9fc853c90cda6d4cc57fee5656da18bc0387adb2

SHA512
f8276dd1d02511c7b95dc301544cfd120dc5b06796ec039daade89be1616ae0fe5edac272e900f3b96fd54277cdd615f8091016b2773aa4da2adb36e8c9e0376

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2c9c840093a8533e25fd2f72a0e91d93

SHA1
2210f172b28b8bfd82a70ca1ff6f401dbb316e24

SHA256
7b7266adf28aec570d6ef727a746fdc0d5f8bce79f9ec75b500c6e71d716b963

SHA512
e750541f7af3da72d21e055b09ed72fcfc14dc96b25a93a9ed53954d68f625efcb1bae326510349fd38b1ba59afb7ff21cf866e5a9f818a5bb14ecc61f5778bf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3d66ea8d046fa8a745ba846061c42e46

SHA1
7f78661a3923899fe486ff74f4bdf6cc3ea8087a

SHA256
bf2c0fe00d0b1fb9903d98657c312e5208f121fe597c03eaa88bfc6552cd9e67

SHA512
e7147af8de3f37bbcbbc2d7e755d5011674883628171976255fffa678eff1099f58ec7e2a421fc32eec6d1fb64f14953db146e70dab1f139a24b71f45f7971a2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
95a2e18cc30093d27cd605d9cadd0c34

SHA1
452c62537bcbaa15a19daa57b8255410e9174164

SHA256
ec57968f4941fac43d61e58322c30c3ebb62828dca7f11dda9d36b7ae088844c

SHA512
48e8214bcf9db999fa1b737315185bcad1bdbbe6af01bd1861065a72d930503a76e21be391a2ce356ec6c4679ec499beb8644799f2c1ec3f49f4d27c4c92ff79

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f9e757738f6dc8d31d45883e7e53523e

SHA1
35e36f353ec3d7d6d8bdc8bb08fe4c83c9b6ca3b

SHA256
93685fdad131b42545a735bf12755dc05bb492201f6de03a8662aafe9912ba25

SHA512
386b5725ea5621d45c1f4a53eaac5b147fbe286e28b066657dee6ae069f6d5e7fc85a07e5c1f236ad863d85f12304bcce22c3e494adf2a99474bf0c789780c0d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab191E.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar197F.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit