d331a7f87994e8e6fd22e4fa231a19647b76f323b01e6a1662889c927433aa6e

Analysis

max time kernel
149s
max time network
149s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28/05/2024, 02:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7b57e8eea4ba37c48fc4050138268859_JaffaCakes118.html
Size

23KB
MD5

7b57e8eea4ba37c48fc4050138268859
SHA1

4698270a1acad18e79ea0c194a38a7b17cfe647c
SHA256

d331a7f87994e8e6fd22e4fa231a19647b76f323b01e6a1662889c927433aa6e
SHA512

9eddbf068d489a822dc33e0685d7f02320dcf5f909a7af758aac6e102ba3cfec719a373a451d4e9053f557b511257ad73cb912af24ae01c9ef802dd38cab20d5
SSDEEP

192:uWXBpEUcb5nEunQjxn5Q/bnQieCNnHnQOkEnt5RnQTbnhnQKjCnQtIwMBiqnYnQI:pQ/b0R

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 31 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423024182"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A73D5261-1C97-11EF-B826-EA483E0BCDAF} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2960	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2960	iexplore.exe
2960	iexplore.exe
2132	IEXPLORE.EXE
2132	IEXPLORE.EXE
2132	IEXPLORE.EXE
2132	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2960 wrote to memory of 2132	2960	iexplore.exe	28
PID 2960 wrote to memory of 2132	2960	iexplore.exe	28
PID 2960 wrote to memory of 2132	2960	iexplore.exe	28
PID 2960 wrote to memory of 2132	2960	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7b57e8eea4ba37c48fc4050138268859_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2960
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2960 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2132

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
20d6f07bf72a129981a58a79f10faca7

SHA1
9147cb289678cb96f9c8c4dc3818076acf443a57

SHA256
9d1d94dc380990f7735c93f8834d69e6534e917844226275e301032ef30c9e4e

SHA512
ac7900a1f3548c82d53a2ea8c77d958a3bd1de94f425a518b84ecc534fe5d0dfc5691129dcd434ed29f6f819580bbab78ef591188c33e112b3eaa43c94338f3d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0b87099b58d14f29cd8471ff5d948c30

SHA1
8a0f953c5412d8ece3b844ce258a42c5733348cc

SHA256
e3627f958a27c915e31e71b75a991497b5028b988afb322e7eef0b2109fc7dc4

SHA512
886ad85493877c519c94657849a690a90e1ea118c46faeb0cec3b1f4efba225adb6dcd643a964c90633961c96e5a3c6fafbac430c6d15158463f46a5b7119d96

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a5c8c2f77184c424c1c6dc90af270189

SHA1
3ba364580be33122ff187ea532e1c6fdaa207355

SHA256
915c23052dda89b17d97e8b5d922473ce31af873f171f0e3d6bc59776b0600c2

SHA512
db6fd64ad4f67829c6518d7892b53aa23758638974d2f85fbc4a08b6bf91c2ac48e2fc5c04a960c11673cd2532369c863fdb56e68bebb1ad0efcc88bb60d7674

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bd007d4838206fc259e05295a7e55db6

SHA1
e7ec13411f584f4945f99df5110a74aa095b13af

SHA256
a9721d344dc041dc3db8929631daa688a6c9ba9672670358c0c4b67121506f34

SHA512
7909db54e4b3a36262189a99887b0428ad567fa08e1ee1ba30598fbd122127f3da23afd256c7852857c60af155c747ea1699ada87d37b484d52943312014b932

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c9dcf89d5be94f8f1088b2ea30eacfe2

SHA1
11a6f7666026435e5b695d856f133df82720e509

SHA256
653464c1b2a57d3534e7f8cfe777c9c9e0a59e831ba4f8b369d8baf983932f77

SHA512
ecfebdb8de04d1f1bc66019641c8b7a2cadbd31b8196985da705114980e89872a2af8ae560c1f72baa5ed093fdd45dc6d7efa4beda6f68f090c3a6d5c5d662a1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d03868ce8df2b747789e0aaedfe5af8b

SHA1
a27d0c04a3fabde5ef24f9c143e6171b431b5cb7

SHA256
331039f92bf596e50f91ddee9ad68397ca143207d732f8a22a97c0f6ed70e176

SHA512
f56964c67fc2058d1d09b03f0dcdf1b1d90ee5dae779d819de754a0c5df1f93e8c0321e29a1e4be2de9627c0b47c5aee5e345b3059c744aa18d1397db9c3c499

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
47d63dd809c47dda56a710faa983e838

SHA1
86562a716d6526e9fe5c1bc8fc9551a452e44f3d

SHA256
30fc23c114012fd407ba754deed1151fe4ee2d235eba8098cb5c5afacb55325a

SHA512
8042fb4c8b218560afe53a814d156ebdbe68c21c50925c2585425bac0f76f78804abb6bdda6d573f3ec332e7b75b9076f6e7383f67d78658e551b42fe9ffcd11

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
77c69c3aa109074ea002e8385c2539bc

SHA1
33bbe5643e5f7b84b70885f398757c34dc6e586a

SHA256
da17caa50727de75c50e562d6235ef114fbbd109153cf5e594aee05fddf7896e

SHA512
43690eb9fc122eebf8fc6dff3a7258b4be93f1c630fbaa74fad87c3b7b7e3b42f913e32ff4c03fdacba36f1b8c1a3c1c18f1bd6365a6a58317b18d08bc54a289

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6118f5c108988e8e9ba78bb49abe0c66

SHA1
6b61d82fa42590a30c625f5bddf96f18d1c6fcc3

SHA256
841df64f22b98da2ac90f105dcf12fca061aaaacbd3635a28341bc18c7b58800

SHA512
c83ccb464807110c5c24b915b28674bc40d1c872244587a025dcf54db6d1ef37f8f7f8a232c8eb2091e6cb6f0a3f07bf7d751989df062bf4f782be603a79e578

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1EE7.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1FC9.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit