2b10b5a6f97c656659a4ea38775e7a258f5067b0a0a6d9512b6778308d2cd7d0

Analysis

max time kernel
148s
max time network
146s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
29/05/2024, 00:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7efc1348cb551cedee7c359aae3fbbab_JaffaCakes118.html
Size

20KB
MD5

7efc1348cb551cedee7c359aae3fbbab
SHA1

a0cea5ab0fe9efe45f42cbe6009f6541a4528a5e
SHA256

2b10b5a6f97c656659a4ea38775e7a258f5067b0a0a6d9512b6778308d2cd7d0
SHA512

564ef7f30b6e62b26241683625302d930c67b5f73c6f5a09622d2055d1d5f9a541e340238dcc678e08bea04150bb5314f8206a14008b464995582b2f40589f17
SSDEEP

384:xwqvCSEdwqlmAG3eGaZGHZG73G/wnAli/nUQMRGME2S22MLRaKBN+TnNoghcmH4b:NJEdTlm53zaEHE7WoAli/UQMRGME2S2V

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 33 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{90F13801-1D55-11EF-910D-CE7E212FECBD} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423105749"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2044	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2044	iexplore.exe
2044	iexplore.exe
2564	IEXPLORE.EXE
2564	IEXPLORE.EXE
2564	IEXPLORE.EXE
2564	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2044 wrote to memory of 2564	2044	iexplore.exe	28
PID 2044 wrote to memory of 2564	2044	iexplore.exe	28
PID 2044 wrote to memory of 2564	2044	iexplore.exe	28
PID 2044 wrote to memory of 2564	2044	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7efc1348cb551cedee7c359aae3fbbab_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2044
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2044 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2564

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
df9589b568691574cc1ffa15ebdd7893

SHA1
2e84f55b9d163a6781400c026b81db5db283863d

SHA256
6d144334841f98ccf84e8fd275ffd629df8a9443c807fc43c1183854e28573f0

SHA512
0b583a01298bac3d795def75f9bf24b1132450d70ce4962fcf7ff9afcc6ce790fc5c42ea51a9cf3d7d583ad72007484fc375d0d7f0bad8a43a16ec8050f85e16

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4a55b7ffcde6536a5bf08de00d8e0c89

SHA1
67aec6c84d5abb80ee681baf984d8e419e7c2632

SHA256
d561c078feff46bfb5640fda7e48c471f9d14d3a485be246f3d52ca8a237b7a6

SHA512
93d037dfe978b42fc8147e489dc0ee5b9e53025f81e0843d3f5d149d9e463e1288f37e590947e7d461abff65872e7360d3caf225ce16e626608ab620a42ff104

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b544c708e70c358e0dd9b1ee335b38d5

SHA1
864c011304737400747735b079b48a852de3c2a3

SHA256
9535fadd0ed35bf68c853c0682e180610965b2ffe9af6500343ce030726cd31f

SHA512
07702793d82e2a5c5a15bb52a65682208169dadf12992ac5c81795eff12f59e37758618a1821fc4ad6d76fdafa79330fa51f595ee0896c55a8458e644fe35afd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9ad947f969390a98c66d03883c68a3ed

SHA1
50d1919c86a7d05bb9f7cddfc989e91384759c50

SHA256
be01efbc46f42bf52412bb7500136efc177cd0424dd7c218f2f3d3f2e8f37111

SHA512
dd7690d7430669fde0fc336a0ba0178a679b21037459c8ce11195be6b04ee3d1b4475c833f91320524d8786b88c8f06dbef5981e73c118eee00041a7645469e3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
740f07330af2a42a5f2118628b746403

SHA1
5176c46361d4e10607acaec2d465c5e14ffadfce

SHA256
f0e8b62d9c3b82baf52384ac5365417a7cea885e25b37fac8f70c38c4ad374da

SHA512
6301bce6644eec1983f5e422e7b00081c87cb285a3a8a39b51ad789ff89705b3e400607e28128ff3e83425aebb168319c6675add50d2a03ea4ed872d8f818bc8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f3dd55fa46bf259738faade2a9c013c1

SHA1
fc86c0942f3ab0d66790554fae6ffdd4e9b96903

SHA256
b55a2ad325b4bd68296e04be49d01d91afafd90e38a4b45f60b799ac9cb6b178

SHA512
7361aebeaa3b1728030963ddbce4d0b6e1a9edebbb01689224e65865bbfbc03096e73173ce716d30294af2b4291aefe87face3ac83aff66cfda93c347869dafe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e00f5d4d1b85bd2181546778aeff8eb3

SHA1
25cdb8fd83cb69dd69a37d0f7b9570c92dd30f54

SHA256
b8b83c46f31e89b415d84b66c871f58979f3fe38a424b61889856be562babf59

SHA512
f35979bc1b8c8b73119c3008ba6c6d54277643f5f44a7c14eff37bbe8441f9e82b0b13d7b96aa343a33da7bbbdf5f189b359bd98a52fc753b682d372bf7f4be5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d4fcc4736e63f24f85baa6b606d8f456

SHA1
5a963fae35480725a0692dc98b4802fbb3b58df5

SHA256
760e17db8286854e031886c2332d4b5541131a21f1d11557b41e0b016a95f454

SHA512
4c045c699f151b6021d82989611b0daea76cb037377cc834a87b18e930358c438d852e925af113c0e2fdd0da7749e99b6f56589d3b6d22cb4e72eb0f9c0d80cb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e834c52ab0d8cb928bf10d09458e1197

SHA1
76bb805503b7a79ce4283d8a2ec5ecb42aa4d29a

SHA256
2911d4e17be237b50cf8075110e40a67a5831506912bd761d47efbcf0724e093

SHA512
fc553de699913d451a04e58dbe467cb9f31cb5ac46551a11f2cc491fd49d9d0c686940d4fea35a7d1345cbeac021b055db37fef102fb8a1821cb4d4958611832

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
efed7e653cb4a6133b57e466f36f08d0

SHA1
ee327d5817eb173a365e50c94a565719019eddf0

SHA256
48e654d7b077c43d2f59a0497a2e5d3014cfb6042bda7738ce81e4462618f0a2

SHA512
72ce918ebcac24c319e84d77be5e7654ac243db6caca164c269457b32e39a6980c0ab9e3facf55b0616e8b2013662ae26e10b82b25a36317bf0b4dd7961b7d67

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
18a560d2cf1eee99e10808ba3efc33ce

SHA1
2bc8ee20cb70df28962154075c27c826ce9566eb

SHA256
9ac568f4850e4ed6de993df432c8c39d78d3fa920d1882d81600d0ac51d384a2

SHA512
dc526e0c12fa0bc754733bd729ddfc84c2b63276625d210214153dfb45748c7d61c11d442c3caec931d50d55a1c340b2404a36aee10d3a768f6109a2956b7767

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
42dd421f37b3251a44f0fb32451c0fc5

SHA1
75254c948d70d8500594103bbd237839b339b5f7

SHA256
a44779217eaed790ff5acd150d3e47414330db45b0246cb87d20a179d8af1d11

SHA512
5924bf4c634e206885525fd63afcef3ac0e426fd29d7d41b615ee4f65438619f26e48a2f0485dd4fff32d02f9c10a1eb536835d7628ef7c3cbb250909b96f940

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarC373.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit