3659400673ebb2eaec092f97eefefc792b92a6c57d0e44e99fd226830c9942e3

Analysis

max time kernel
149s
max time network
153s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
29-05-2024 04:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7f86a9a871ed778a2558287055e7aadc_JaffaCakes118.html
Size

23KB
MD5

7f86a9a871ed778a2558287055e7aadc
SHA1

3c64f557362b87534b7347ea49c26c9aeb4366b7
SHA256

3659400673ebb2eaec092f97eefefc792b92a6c57d0e44e99fd226830c9942e3
SHA512

4f82973e6496ef078381468e35c8ada38f28ce210ec35fb6b8579c65b7081e9a34a956830e1265bd5c004f30ad4f58992f1bbdfed7532c8dd328c0ff18345ce1
SSDEEP

192:uW7gb5nvqnQjxn5Q/GnQieVNn234nQOkEntKsnQTbnFnQ7CnQthwMB1qnYnQ7tnA:GQ/U3GjAe

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 31 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423119757"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2E69D951-1D76-11EF-A596-F62ADD16694A} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2344	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2344	iexplore.exe
2344	iexplore.exe
2580	IEXPLORE.EXE
2580	IEXPLORE.EXE
2580	IEXPLORE.EXE
2580	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2344 wrote to memory of 2580	2344	iexplore.exe	28
PID 2344 wrote to memory of 2580	2344	iexplore.exe	28
PID 2344 wrote to memory of 2580	2344	iexplore.exe	28
PID 2344 wrote to memory of 2580	2344	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7f86a9a871ed778a2558287055e7aadc_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2344
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2344 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2580

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
935caf02c431b30a2d266f23b4a23a3e

SHA1
92a3d05b2918872438a2d57598285da9d5fad2f2

SHA256
fb5c208c413187482485bb363b7201eaa3490b434c38747420b0808e0fc7cf37

SHA512
cbae29dd08bce2ddfc2667ea6d57ffbe08ab5eb7c19f6e8b6ae4a26d8baeb1777570738341062c4c22aa85eaa70899d13eefa1693ca5d5ae7968ea78ab80baa8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f022135ba6d8edaf2cb69ae4206f605e

SHA1
af0e464ea805c31cdfafa7d01c42fca3212b9d98

SHA256
5fb52c65412ff8148c5bf5763cf6174b52b2b3c3e943d4b5adce6ae5fce2f102

SHA512
4348ccd749f4091aa572f3e1dde5da8800854595fabd1b15fcb7bb29f939c7028b2e965a06deb6152ef9f874fe7c1dfabaa93b503c4816d8ae3db5d065211743

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c1eb4a8fba6386d7a17cb5e9d7e906b0

SHA1
825214b8b01b98ea5cfe2551308e81e191298df4

SHA256
11d8134f5dc0423341dd92cd4f02b0eedb221872ec9c4df73dedf4fa99027386

SHA512
5cfde73a9cce21b32c74f74dafe91d92b50d5b9157473ec7c31307644037281c447015a9d24bbef4a8f8102dda47656269a80c04c6defdedade74b35fb444b31

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c03b495f2cd32f6436eab0307e3abb15

SHA1
e30f4eb47b5496064bb61d60ac0f95b2d128a05c

SHA256
6302221e5dc263b338a13bc5c3465981c443f8c008e98a94c10cf17322b7113d

SHA512
46e1bc166648a7039a933cf0d67e60a73379e538fee0fdf48471f2ffb93fb45a10e329811e81698d6d1bdebb178c20cdbd7e1b72e2afd6db462790fcce9674a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a6f47cbef9567ca62bb82ee6cad54b6c

SHA1
4157882f845fd70e0f52afbad7ae93d10e1bc728

SHA256
8d5568b6a966da1a562346cde4bb79d0751540b501f48ebd4f4bcc71e0f31e95

SHA512
f07415ed5b95015b46edb213da83f4c850130cd1b22794f2cc531b1c2dcf78f5af7afff19f8a15553a8f1f43bcc47958ac4fabc798458c94e85b59b60925ba32

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4cd926d58629ed13f74f2fa713d61899

SHA1
fd9938fc7a8d936b3705385b3191def51a59094e

SHA256
0c559381d7740ba9df4f1a43194718a4be68136207524513505656170ba48e00

SHA512
97d84d8bf7681841c8d7538093db4cb36194553cea9989a3c405ef56a403695525c7e2321707568419be6f48ecd905520b8654664127c4d522ff8b269e146624

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f409d43ea9d1b3c8b28674c7c1ad3e6f

SHA1
110e9dd0e539644c04838315d213a6a03e8a1bd4

SHA256
9e3b2d899317b3e7ab72ef4f83b856a01881c3209f5e17cc76fa50db6aea50df

SHA512
830f19474912880f340cb9cf1ff0888219b9d096bbef0954a668aa870db559020d53568a33ad821263bd2e75f299cddafbf5fcf087747950077584a015cd8c89

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e1a9c34b5805643701db6abee6f29592

SHA1
9fd2f2c32f06dbc07d938e5a8baa703faf930cc2

SHA256
46e7c5734d14b4d30c7d7a10c7acff3b5a50e4ee49c8441cff60af33db2191fb

SHA512
fef2ad538d73a6ebd289816d5bebbecc2eb4d6c2a2c8e24a9593cbe13c9bb719ba2e7472c6fb79a662dd52a7d4e0b52e6a5577eba92b9969e872d140bc22345c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8465fadba2307382d657c774ca8997b5

SHA1
3c2785aa7fe62aba4ae4ddca201695c0b4056369

SHA256
78aedebbcb9a9de9d25d5dee474d8fdfd4d40f08d2abe72add75cc389897c7aa

SHA512
ff1a5407400415621d19d1330873cae4ecbbdb676291644d7852f138151175ea5f3468d7d885c351039b43947cf2847a4b9a7ee5447fe0dd524fb7d52f4ee6c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab8C7.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab997.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar9BB.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit