4c6c45501714d05d5d58049b4cb4966bc44f18653ce710dddcc3bac82fbceb93

Analysis

max time kernel
132s
max time network
145s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
30-05-2024 09:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

83b13c25d9b735b7165b69f249dc0a2c_JaffaCakes118.html
Size

26KB
MD5

83b13c25d9b735b7165b69f249dc0a2c
SHA1

e71da11ed4942381d4e2057e43d286d3116077ae
SHA256

4c6c45501714d05d5d58049b4cb4966bc44f18653ce710dddcc3bac82fbceb93
SHA512

2c8c62c4201fb5e6610f608f25f43c54bc3f840285846c301656a32844b564e81beae8b61547be42fbf0adf1c0be96f5104c8d322dda7e593bfe40238848b216
SSDEEP

192:uqJvTFb5nzenQjxn5Q/anQieRNn234nQOkEnteEnQTbn5nQxCJVevo7NtMFo+NzJ:nlQ/83cygcrbzuL

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 31 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0A9732D1-1E65-11EF-B35F-5267BFD3BAD1} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423222349"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2140	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2140	iexplore.exe
2140	iexplore.exe
784	IEXPLORE.EXE
784	IEXPLORE.EXE
784	IEXPLORE.EXE
784	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2140 wrote to memory of 784	2140	iexplore.exe	28
PID 2140 wrote to memory of 784	2140	iexplore.exe	28
PID 2140 wrote to memory of 784	2140	iexplore.exe	28
PID 2140 wrote to memory of 784	2140	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\83b13c25d9b735b7165b69f249dc0a2c_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2140
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2140 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:784

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8f7034449966fea72433ec0fdace8913

SHA1
4c42ea842ac02d10e3bec6c9651b7ee74e478e71

SHA256
fd6b15783b23ed5ab9bfd0431ff9d26c9466f953996e2c9acd61cdcb38110f25

SHA512
8aa9878f5c32bc5d928db2e9fa820312bb139ee9e088a6a26ffe5565f8740c1463a6633ddc9140caecde37db3c49971bbb0787cf63dd1f9afe469dfe9324cb48

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
749a778922970b5ef20d899a671a15ef

SHA1
b0d32b9631817d743d4b482ce9456019a426a72b

SHA256
e68f9a89b56562a28cfd88616b16c55ec14afb6c9c0885aa4163d73497bd0522

SHA512
4f03af8cab56d483e7bf8b6c1ee64ffa0ecc79388c46659807ccb21387c1510c8933444623409d8cee07b12b169856c4ce814bd5600966c3219ed44aa3a13d89

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
51b30b80ead28617b65dffb8c4492e5d

SHA1
5db5627c9ec49a9b9e68ac946c929650f8198174

SHA256
140e0a8297e2b6b88c1264b22c40f9e2d493af30c25061441d56c66a2131bab7

SHA512
88b2ed43a8e3dac2befce5bc3996646228e40eb3e14ddc0e4657d282b7fd01c7d73f950754e938a9611fab89fea1d8b3fac333cffe0690f05bd31fc24a5a1e2b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8439b76569b1855828e2437c15a5e99f

SHA1
bd59d45e9c5abecefcc51623ec38c271fab24be8

SHA256
196b01a2fd66fb63822de3bcd4ede12248108f0baa4512f23264fe356b632bbf

SHA512
cd399332fc73b9deaaaddd3b9c85b41cccaa62b1dd7cf49648b9f851693eec3c0ef63ee744143d7420ff557c7f63683e501392a9c6422e6dd77a630f34969bad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4711357d56d1cbd99d54404fa351b9e0

SHA1
dc10eacc4d7d43587df4a0de54fa17f6ec5c508b

SHA256
75b42be297631d7467f892b835ef0c6009b243a812ece9e9df8e6ce34c0c69cf

SHA512
ba1da104dd1b229618bbcbc8ba4676b91d3294dfaa1c5c48b1e23d28f2c9fd65c8977b8a1586632cd243129478ac323626513f6d01a1e49c58f011e4cd9de9fb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8d933c7fb1a440e338287f28ca323b76

SHA1
ce767d453f61a8bbddd4d12dc5c19e75028098f5

SHA256
cc8770127b22053fd05795bc1fdb6fed01968028ca623a3c14ccd29d439f16db

SHA512
70b331fd7f203624c43e2c06c9b6fd3a7f4c8e471e621f9f1accf39ce06358c4e0c01d2cf4ec0970a57b5b01979e6117383d1f6d6ec727fbc135598b98b902d3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ba592d3b7177e8580db881971682f7a5

SHA1
b72f4a27fd845fb9a2c6a7b0158a4b8648e8a299

SHA256
c158a1167969ac998aeffb06c815a01689d5557a9fe06d670bdc17829d5d4fa7

SHA512
63b448722021858e4385812331cd60299c51d8d77fd280c05a272dc6d287aeb63669b204bf9e9fbfead7e1e285a5eff6ac3bb720ccc891640767c3583d4384a9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2a9493072b28a222fbd2edf7729af806

SHA1
cce62cc7d01f8befe40a9a879c34b57b383e7fcc

SHA256
01e8d12f7cf2e1c3a4897bf518200f5c1b64223805fae8bad9491e2f599eec6b

SHA512
6dc2f38605994855ddbca772ebcf728b86d31855ccfd4f907bd6d4a196968e33fcef74a4db7c1d59123e5275f2240f1b6819b9ac038e69419d82ea6fe3a06821

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3af1379369a926afb7ba6dae4219bfe4

SHA1
53f7c56b93f62fd289e71fa43f8ba87d88c37ba9

SHA256
586f52ba29ab3c487c8b1e90ed90b51245f66ad0c7888aebc258335428245f9f

SHA512
e23550959d5edf38284901091180569e9763adbb36531916afc12042464b6ea8a5de89500d9ab7c5094e8c9ca56bab4df214255f2a134e7168d2c61ed9e73a70

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f14f25ea8d9357179464875b2b6a1a6a

SHA1
aa565658eee3cbe983bb0642072e1db58fc662a9

SHA256
a025481c5128a94ef7de3e8a822142252fe26f576acef2d7e949b82f540ecb71

SHA512
92c74ab90ff14c42baa46af244026f93fe799fb0783a88ea6a9699b5e3526305f5f994e5ddb63152796833645391e58caf320c9be8051dd551e0eb2fc789c238

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f3f8321c7e1827264b162fa125067251

SHA1
784e6e0fb53b51f60acd27a7727382875ae06c7c

SHA256
a73283c8f2509b23ab3ee8fb3cc1978398a4a816bd4d21bd28695e979d227460

SHA512
82e13c41dbd7f2dc1c95538a39ad7efa64e5be545f1302af8e9babc67a34c8a328c17c657954b4b8f54e877f5308b0a45ef546dc6a534991c92f46e6851952f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabCC16.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarCEFD.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit