dd2a8bbabfc06a10daee01e9d8f206765501d436620f27c697ccf1056e929224

Analysis

max time kernel
150s
max time network
155s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
27/05/2024, 15:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7989b5c6c52b0ee79b573aad5274e06a_JaffaCakes118.html
Size

157KB
MD5

7989b5c6c52b0ee79b573aad5274e06a
SHA1

44d9157665b5ee39618c51aa2a75be9897e77ae1
SHA256

dd2a8bbabfc06a10daee01e9d8f206765501d436620f27c697ccf1056e929224
SHA512

8166bfbbd30609e39ee42ed0ba680be13b11f852e8593f984e5b1015763b093f43be7848c0351f2c3a2583501c1f3d19af350d0efa95a2c879b0633e66b315e4
SSDEEP

1536:DIi9cOr0f8xxX7xa5Ssfssv1aANE72YPIVfHXPy/Cq8/GDIE5XpL1gxU85Ti4m9M:DI7OyjTm9/ZYqS

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3398B4E1-1C3C-11EF-9FA2-EA483E0BCDAF} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422984905"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
856	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
856	iexplore.exe
856	iexplore.exe
2504	IEXPLORE.EXE
2504	IEXPLORE.EXE
2504	IEXPLORE.EXE
2504	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 856 wrote to memory of 2504	856	iexplore.exe	28
PID 856 wrote to memory of 2504	856	iexplore.exe	28
PID 856 wrote to memory of 2504	856	iexplore.exe	28
PID 856 wrote to memory of 2504	856	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7989b5c6c52b0ee79b573aad5274e06a_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:856
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:856 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2504

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
7eb8bafb4b9b04f9b392b2755c8c1343

SHA1
2e76a09e29dcec4889faa3710e9e5deeaead2dd2

SHA256
5a592ffee5acbe3e2e4e2bb9097ee487c5194a7914ac8d5c6f3a11508384ca07

SHA512
fe4d5f6d17c9b9011d185ff9f715120fc186e2c765c538d07823f88e322341bc4a5cdebcccfa811366bac544055133abfd721ff4857831f5c5a1fd5b89c01601

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ba044c9dac672c96d1b12dc9beb88ca1

SHA1
33161fc89c6ab4496a4db91d0a61f2650dae0271

SHA256
3a7324d2c07d1148e618936e362e79b0805b067b8c785ac24086e85277d018e0

SHA512
9c824598a911d4143eb0942011b8fccfd3f5e9db5671bc9c45c2e7488e96caa547b50e77616249d45aa114fc89c79c14b20e08b907f6013b1543a792fe7e56fb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5e248136bd5922b43a8c92ee194f7ffe

SHA1
5c0c00d1418b68f6a3ee035a2542d0b0cc153630

SHA256
66c4fb4a9177f3a352c50b74d4c6c0400b54b859ce750fa76ddaf633183a6c50

SHA512
092a56d40c67ba74590890d3bed171017fb0b6aeeb684705f558141b5305d88188d65015f853900c61f5cbe4a980488dd3d61e2209b1a0711e4cdd55f0009bf1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b1ae2aba427813a35f173bfc128433f0

SHA1
85fba602a8eb65ca27bbde1169d71ac01a429269

SHA256
38b43ad7314e083425a191a769b66135f94365441947b6fc1ec16ebebfc17877

SHA512
ae5ef7f02487ba5f23c8a4a1b104e5ccf9944bc870c0f7e97c74e9b8c515a9a1b85d6c47c64a17ec7dad542b4914259f01e3238d45570a651e68bf22afbc600a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
473ef9733c03b47ee8a07186be48c928

SHA1
2150357ecbe406d77ceec06c11cfbb03c22affe3

SHA256
e4a138dc5783f96df27110cec558c2b0b6d6190d9b95575e7c9cbb797108af9a

SHA512
f1107159d748998b58e7db4ef43392602a17b397d2bb9c5ea30424c924d41b45d85a2dddb8531e9db021683fda86db3e4745531b4d9f9cdb2f9e9927cc450290

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
632f170b95b22ad1c3700ee4d0a6053e

SHA1
e220464376bfe8bcf8e87040459641354f8368fb

SHA256
905da8a2aff701f866843612e33b8b8b7fd39e4bd20c54d0a2e40763204dcdba

SHA512
b73101d25773ecd7912c3bd7a67bf4663afc167ec36f9e50f2f30ed9504d19f587ca77d45093e4db439c3c539d1773ce4799fdec33e9204ba89bec3f7e8e289f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
26afeaf3d7f4edd1a906120c9ab6f9ff

SHA1
a6e6a2b9c9e3e86ec9a05d441d9f96d64cf6e0be

SHA256
97fa25773eca8044a20eb4c98b9dec49fe67ab8a6a5b5ae6924ecfefd93b2973

SHA512
eafc20a98cfe79681c39e93e3fc7f335782546f2d0f332a409f8106d99082c31e2d0d41d8be16f8befcf44a2cc9adb924edd44e5f2c111dd36a6009be3d7b6dc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f631f456700c13912b7076333f2fa596

SHA1
e0f1bb5fc07957e685432e333573dcb9dbba54fa

SHA256
2df00ad693915b2ff54d4f43cbd194f34ed243ed7a900cea742257e9e103a0e3

SHA512
dbd609f054f5cdcb1f97bd4646cc77f43e5be4f977cae5f76479d171b8eff58d0fa805972f7cb71d409a25cd33c5b5cd826ca22294ad35d0103df932037d9059

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3d1d68d700a06667ef46cbd1376ec23b

SHA1
4ecfd7010d4fd100d70d9de96d236beac3fb6c73

SHA256
f90eb93cf4e9424999009a9538caccad70b7bc6d31ef3ea902ed3a44eef0771b

SHA512
656a58fea0974d2905d4d9fa9dbc1f981458a6ccc22442cb67ab9cbbab12c3c8adb8970c7e023d2170cd4eaedad1bde9f4ac72fb6d7833e6fea9b865946cf87e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
85e0db21de70d00da88799fff676ea8f

SHA1
0507c70e65257ebda1f6013df61aa97f7cec307c

SHA256
3f62aaffb20eac2f8127368dd0171bc8e66e01a5e24ee7b8ab459c76f3b1c13e

SHA512
d8cce0a04faf677cbb5675869c610e81166385148a8dab3bd26169227e8a97bb457f0db30fd6037145343c1958c51d5625366cdb8ad9ebc16055d5d1a610d77a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e58eff095dd304db6d408a985ba4fada

SHA1
4ba77b7bfa839b0cc27e143960486d37e799dfb8

SHA256
0715a4d950694e773422d6235d21703b65c399cf8ec7d0612a6889d96c57c347

SHA512
964f94ef7cfae7c3a184e9d2c428ba28fdf07f61e72f12b1e4738583ab92523ba774c0362feb03b1d114806264761630775649b23247f70c265c034ea2868151

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0b41059b96ef000f62c2ed596001f8a6

SHA1
62072726a38e99a9ded68d9244c96ff8901b34e6

SHA256
4a2079cecc6c625ffc8bdda48da2dd27e44675d1dc980ad3143458a5d758acab

SHA512
c848adeb3e622b27d3ed1235cd1cd9f7aef51a4d65ead2a10e804cfed62870e95f98952fe355dc1d9f3f19ef03bf1d6f354a5b87a774b2361fa7cdc0123ffcb0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3f55f9e5ee67f291d1a105c2be813709

SHA1
3f44cfcc88829a5bdda98b58a6d87a9dd2fa6bcb

SHA256
4a5328856a85417bfc0f76d22c90ef1f44745844041d9868247ca98b735295ce

SHA512
a1c60937a3a1c71598fce761cd9222de72a6056c8f214ed29c480ae7c73e5cf2c57e7bc21d9fcd2d3ceddc6330c969e4acd65e67a61e69334073970f1c754f98

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7a2a580ea6dcfdb7bf4a91c53ed7474f

SHA1
f0441f46bd77943a5a47b3f9500bc453823dce54

SHA256
08a0e4692eb7eaf31fa909c6ef56002014aba8bb93c92d7d3a2f7150e133aa70

SHA512
e5fafafeec31ad7a113b54b39a0ed47547db468bda6c028c0f07270b5420704836882990eb2b6c0862294b54eb5f9829b170b25c4a86a5c386fe98172e41738c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
279bae5cc2140ba37c4dd48aea34187c

SHA1
89e015e2bcf601926aae192b3012956abcd0e00c

SHA256
d06ace5fc90de07b55e7befbc098bdbd4bea46f2d6ff4c948702a41862bef66a

SHA512
29a67bf49d9e3729f0e7c5a1df3433c093182a9ea0d666091df3aea798afa2501b24cf3573935feb7e44fe66837e462262c8f3590922c4b4caacf7c3c3e1d650

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab9532.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab982A.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar937A.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar9566.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit