90b8fe88e5032c09e255f7141d2b8b5f879e40c2cbe9034e78fe1569f10256c7

Analysis

max time kernel
150s
max time network
150s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
30/05/2024, 08:02

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

83832141f84080bdc7e88018196cb904_JaffaCakes118.html
Size

23KB
MD5

83832141f84080bdc7e88018196cb904
SHA1

db64bb0b580912ee0373a65ce4ef56d287600afc
SHA256

90b8fe88e5032c09e255f7141d2b8b5f879e40c2cbe9034e78fe1569f10256c7
SHA512

71a7e70e77ed4246c1eaddcb59a5b7eb53c1ddd4f090c7f17afe2999b0a6093cfcb668f3a4e95ea91e94c95ff084cd7705642a200fc95b80cdf77e85c971b9b0
SSDEEP

384:GMuhI6hocx2Rw0/exr4BpQoQqhxCFdUS5q3Gcmn1bu4rMum0abQ2sUhYNkzSJjqP:PCoU4w02V4DQoXxCFdUV3dm1b7rMv0a5

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{013D9121-1E5B-11EF-BADF-D62CE60191A1} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423218036"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1684	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1684	iexplore.exe
1684	iexplore.exe
2180	IEXPLORE.EXE
2180	IEXPLORE.EXE
2180	IEXPLORE.EXE
2180	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1684 wrote to memory of 2180	1684	iexplore.exe	28
PID 1684 wrote to memory of 2180	1684	iexplore.exe	28
PID 1684 wrote to memory of 2180	1684	iexplore.exe	28
PID 1684 wrote to memory of 2180	1684	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\83832141f84080bdc7e88018196cb904_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1684
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1684 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2180

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3eedbce5c364a604cf71510bc3591d29

SHA1
e63480a1c7beb5ee319d9e8a7da7b899ef41b3e0

SHA256
982cc403a9993c5bd5f7b79523de4f8891fbf146d099fb38cc3fe22fc8b9e16a

SHA512
6ace9bc68d8772b3c9a05296ee3231710b40da65d5b675d7e5d0b93d2e8d20b3ac7d140c25de6fd685f9002d5017fce02d73a3b11df8e0e8a4436926e8431a7a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f5841ac80ce7a4754e81b10fa54b67db

SHA1
f80f9adae3526d799b8610a858205f8e1d9605eb

SHA256
71f243e5105ca6106afa8a735be463734a89776def5657dfb230af6f9a9ebed6

SHA512
aefc1d74cda9fe017602612205689be21dad8953c42a34be4ee55bbf6d97bf8290dd578181d17481bf54f917cb6fdc7d8a2776c2a67ec6767170edd6ffcd152f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ef08a1ad869343938c50ca2ce6607444

SHA1
65345e61b17cf89c03b2944315f2aeec8a88b18b

SHA256
b0a8929abf9ef70d28da6157f2cf6e90bc55b7ef85b6a7379d5b283709557f28

SHA512
b1acde5b930325d5a5300dcb77ed8fa7c2ffae00596da40e9fe5453a49ca7413e05a83d775bfc3ab517212677bf0f5687e3d270e295b3137f0b0eb879d04f050

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ca8f8e69263c5fb93bbb6d53ef127d1c

SHA1
57686539f5b1a8381a8754aeed2d7e59709da0e7

SHA256
824a4c5546fc155764cbfb62015e096f5b3eb9f39bcd451acd6423d75ee31710

SHA512
9d96bd9221869765fc4e084342653605945f6d9d51234b35f6d40544e66948e59772863247759f642442592a05c2fca1a7131de06cc3e3563ec5a1533db05368

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b2389817df1a8c0f45b423113074b15f

SHA1
5a56cf9eb71e38b1335612876f1d4802d8770e30

SHA256
b81b31a3dd248979bba7b09e35372926399326a10ab571344c7498e5a2719880

SHA512
38ca2641bc5b10e315f76945595ea874a3f0387c49f91a0b3bcca658b4191a9e3b488016002412e8a9cffa2181e4fe798bad2d4fb2e455a079106787e7b9abd5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
822525f7bde004bc47a7447e8f02536c

SHA1
f5c8dac926f7baaff3a511c27301f1cb90b3101c

SHA256
60c0275480127729ae10829f4ae72a10de5b243e3c445b7897599b2d53925c99

SHA512
07287009c1c6e8dfff44a3e4d56e8bd5a2367d6a9bdd99d8ad21fb4fa0c463dc7a40f77694c26cf9f870f909f1c6c2c4a9ba413c49865988c8d1df4521020a94

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c4247b5ec9776178ec0ca3de4a1d5545

SHA1
876127b5fdbf51f56b7299043ff13fc76217df05

SHA256
1e6219f2ef9dbf5e39a8f5f15593f77780dd623356afb1af605e4794f6336cef

SHA512
cbd63bea7797582231286d74730217f2e913f1e5531eb6867cd30b992e4462e07557ce3d0efdedea54f9da10fb0ca4fd1e458c71e6343745f0f7e546f3bd03a0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
19249c7704eb52395fc0d2a5317a3a99

SHA1
ce2f691a5e8fe25938c5de775281f224ca318469

SHA256
b4e130e57c8a40e0c5bbcc31dbc5d07667ed1c35b565916c022cf910861ba4df

SHA512
5c867be0f937efab5b191c9c7d071e44015858ea127fb9546039c00242c187c17d8a1dc9ca9e959206cce94c974298b4dcdfe7e012ba5a57bf701d81f90e3189

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f629d6040ebc827312a0795ef745d1fb

SHA1
001641374f7ffa1daa6b26699fb5d17dc043f526

SHA256
d8a7e5ef12a7bde7decf026160961f6951856fc9e703c1090909079d80292411

SHA512
501b9abf3dad0051bda8cc2e51a3e7f44bb0aa10119ab24d5e7c325f573690f75f3c61232d55681782a39d919d1aa0a3d3bc7d4cad19e34f6aa37b3233ffcc49

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a7e7032737e6ddbf47cae7b2cf0aaa10

SHA1
ad250ea02304eec07f9789b28ad77c8e88ccd2ee

SHA256
6f8113be1a3beff2209e33991874ade2abb5edc340cd388c388113c3a42f5094

SHA512
23541022ace958c2a6b307eecec11611bb39afa963ab482d97be628e36c2472713f080779355cce9043af1ebd707af765add6a3724daad22f94b774e2491c325

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2F4B.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2FEA.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2F4C.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2FFF.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit