cb862b44361fb3146c6bf66a4ec7d600bc51da17d804116f1f498c8fccbbefa5

Analysis

max time kernel
150s
max time network
150s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
30-05-2024 10:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

83fa4e1ea04e66252dd34ce4a3712bfa_JaffaCakes118.html
Size

26KB
MD5

83fa4e1ea04e66252dd34ce4a3712bfa
SHA1

8782b583b1084771efbb4fabd79d5df6e471deb9
SHA256

cb862b44361fb3146c6bf66a4ec7d600bc51da17d804116f1f498c8fccbbefa5
SHA512

a4b462452160ce43c24eb07893d6931c2dfe4daa3cf9f49d87ad1cbba7a257309306664b19c15db05b5a9a21b2affbefe09759f0766d7967b201802630705635
SSDEEP

192:uqlbvRb5nL6nQjxn5Q/KnQieRNnAnQOkEntWAnQTbnVnQBCJVevo7NtYFo+NzQ46:nZQ/uygc3HnV

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 31 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3FDF2661-1E73-11EF-8C89-6200E4292AD7} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423228448"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2244	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2244	iexplore.exe
2244	iexplore.exe
2836	IEXPLORE.EXE
2836	IEXPLORE.EXE
2836	IEXPLORE.EXE
2836	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2244 wrote to memory of 2836	2244	iexplore.exe	28
PID 2244 wrote to memory of 2836	2244	iexplore.exe	28
PID 2244 wrote to memory of 2836	2244	iexplore.exe	28
PID 2244 wrote to memory of 2836	2244	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\83fa4e1ea04e66252dd34ce4a3712bfa_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2244
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2244 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2836

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
63ae5061a0c70a08c5ea2509260e55d1

SHA1
b26bb8e2bac9f1e5ceeb5da4c48fda537ab28efb

SHA256
b8b58000a924a2f76b7db768415bb745d6fa51e8a2013ae8b7a165abc496f4a7

SHA512
d7b2be69d204b1a0faae280b05fabfb8735fb6f5ba1297c34e5efb602c94e713cab9d91b281bd4189e101bf8406604d61c3fa848abfa7e554e2cffb145ea3a0a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
227ad8e33fec9325c7814f7d150ccb61

SHA1
d540bbb0122720e92166cfaa870866fb93885749

SHA256
31b8905e2b2ed1865de7b04afd17b78be6b8966f812899a94c5a172676ca9068

SHA512
b7bc51b0c4d82f5b678ba5cdc045fefb0b58245182e69a38bdde9003e8b34e322539f861dfe39c4aa52f639e2a555ef37f50b7442176c45ddb94896e1277ecbc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6f726c3f57e3eba2460f7f086a8997a3

SHA1
42d522fc2826a767ec59dc65e3a9b3f6b118b708

SHA256
3678c82ddcb155d0ee3f67871a05d2a86bdccab0c935c5be7c5274e74b61f6e4

SHA512
0e75cfd8b6fe47ecb7f5ec04f4179b529c9119c6bd6b645cd7b8a456e0247bd4d04cf5caf1d60f860d091a2dbd834b5b6e07beea6827091c04e935860953fa3a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a1c0e9b701d288eedd15525933914bbe

SHA1
ac3b21d80d2d475213acc88119049660f33d69b1

SHA256
5507ddeb9d75d807b2d346813e0a65c520c1174ec5d884ec125fa29cf68f3348

SHA512
2b8af2bca45765c65606192569aa3996dc2e9858193921862e4c6f61e168fb6576b54a5bcb3aa33bfc5638d16b251e127fd3b72afdd0a5a62aecd8fd027ba1ba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
95fc0efff5d5425faa231502bd946a68

SHA1
e70258831ccba9d4d9365b0e67e3c9c97a4bd725

SHA256
f37e101892aefd1d30393f5e61031c5c3d3bf79dcfef463337d39d8f692163a6

SHA512
20acfafcd3f6488238c1c8efb8aa44f550f27a685f4edc647f7613106aed42122231413d0ea2109d0d7f5b6ccaf045b8a0ade7b9abfb619e0ac6c750e0eef9bc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6547d95e1d6e1f0233d9cc921ad4f59f

SHA1
d6a6e5f252ebd355139c049aeea9146e2be7ee04

SHA256
6889206bfe9ddc3d9d2c9407768b6056d339b88387d3493428696c26d02aa958

SHA512
6a34c657036cafe2dd3c02ef160ff969adfb2585c88d8760110af03a52a597c9a1e3757f8b423a61be6f971911d0f167a8ab98830e08768eb40e3eba40098272

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b66b25e75d8bacbacdb753bdd459e00a

SHA1
614c1fa65e58d398f6313f9321d733cb34ee0ecd

SHA256
74104f4a4ec5c02b1bd56116ad31e6d9d2200863d3eb949b797cb5c8e50e19b7

SHA512
cc3f72e3c09c26bdbeec159dfec013767d62da629f6a1d317f814748e474f965cb5b914cc99853bfd6ffbebefa7022363f106f2176b87e4931c5f6c6b3613115

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
723fb829823bdc9bc46f641933d2f227

SHA1
96241e4fe664135ecbec07f2268b0d764eb341c9

SHA256
2058b5667366493fad47715a6c81288707815a6640b1c72ecad7cc7d49e36aee

SHA512
332518d56ce5a6da2360d863332bd9fb5ac9fb92f37ba1cceffe0589e8383a1680fe06593b144eba4c024033b540fdc66edb6aed571180655ca35d6edf564c7c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
144de2965419b41d5a09e1b0bf77d431

SHA1
98b9b4021bbe3f804fae823df2349a341cc78e48

SHA256
9a036fea5a5ab7666f6d42ef99fac8e08218ee39190e41cad7303269528dfc3d

SHA512
1133cb7b0f781e8e9fa2f34a083e9f0795927a90a1d3360fe72baf5be9e4da79a55157202e74a49e1567b079638bbc42ef54509c5504fcb7162a68baad62bd0b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fa0ee3fe779f860f760cebb49a015dcb

SHA1
9f8754f68642794ac7daba00f232d68b54daf0ab

SHA256
fed0c9a08a8cbec921e82a4b90d5192fb5ca765f2f688754638d848366536175

SHA512
4f14576fb10db5258c922f0a3f24b156192a8ccc44587456e74018fb8819300747e24ad5bc81dc06caf8b477e684d6627e484c37f347bf1bb58ab2d23a5854e3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8a46c36b3d8bd6d26ebcc72730e7237c

SHA1
4d58f24cc375972eb5ccc6928e9eb512d2e142ed

SHA256
38fa8819c401a8d594cef985ea2ed1feed63e3440fc9b5a2948045430c6d9007

SHA512
9f8bff402bdc4682eb779191956f2002bdc149be17938252625ded4eb64ec590986e02a2abea6e988f703b32c554057191dbd0b7a4b8da172f1f3bc3e78eb4e5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
18e36a59aa85194d516b511657fa7835

SHA1
fe2b2fa2979e96eb5a4fc4c0721754be9c06cff7

SHA256
2435f1854beeb59ed8f64d45b085940b7acd5f046be084e0a78c264f31698b88

SHA512
ac7e9150b39a46eef28b58565e429515d7e57d09e1718303e4db9cec39210795fddbce564a28068821fe8a002a6307670f8125a6d6eba34522c737c7dc60f5a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab22DE.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab235D.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2381.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit