1f6466133ececff322702fc0a660674ce3301762fabe9913a296bfea55f80a89

Analysis

max time kernel
150s
max time network
157s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
30/05/2024, 10:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

83ee25e53142ee38f6d4628d94eccbd9_JaffaCakes118.html
Size

33KB
MD5

83ee25e53142ee38f6d4628d94eccbd9
SHA1

5f723824678a0da6c6479bdf1c336982e04ea125
SHA256

1f6466133ececff322702fc0a660674ce3301762fabe9913a296bfea55f80a89
SHA512

f8680c1e663e8f2dad025f7932fd4bb4a35b8ed42743589945045e96f11cac082b3d9ea93461cd9c7cfe0c7c1317b7979698f94a3a35a7a71803068301d47cd6
SSDEEP

768:ZLeoU4w5q4ZQ7102N4DKoXrAQ7sxCFdUV3dm1b7rMvs/abQ2sUhYNkzSb3JjqP:xlU4t084DKyrAQUCFdUV3dmV7rMU/abX

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{AF07D031-1E70-11EF-AD44-52AF0AAB4D51} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423227346"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1856	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1856	iexplore.exe
1856	iexplore.exe
2276	IEXPLORE.EXE
2276	IEXPLORE.EXE
2276	IEXPLORE.EXE
2276	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1856 wrote to memory of 2276	1856	iexplore.exe	28
PID 1856 wrote to memory of 2276	1856	iexplore.exe	28
PID 1856 wrote to memory of 2276	1856	iexplore.exe	28
PID 1856 wrote to memory of 2276	1856	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\83ee25e53142ee38f6d4628d94eccbd9_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1856
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1856 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2276

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6cce21460cd8f30e0857faae4d77ac75

SHA1
bce77f58eb9a4d919dfa1c41cb180e6d72dcfb74

SHA256
4c5bf9d690c20bbc32a9e09471672f7263e97a054a1fc3e7679bd0617358ecd7

SHA512
ff2ce4d7a2e222c38c30a4542e7c7129c85a93eb30fc79334c793b1dc5472b60b936fbf073690eabe9cf5911f1905979d8814837faf01f778b2b85994e170650

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
65fde1ade8f7cf51ff4ec737e4749625

SHA1
214dcf92a53f38f79ec2dde5498940c204b16350

SHA256
bdbe772a1805ce4fc691d0c1458123cf68ca23ff13ce28f8d4bfbf34121aa86b

SHA512
c15a537d1cf2e4792255bfb71ccf648830e8b24fa9cdcc07bb0b65ed6303bfb0103233a8c06d7a490301f9ec16bb0d088458befcf26db34b63768e14a27b3d74

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
411e2325e15f456ba04b3e0051f3b801

SHA1
57501184ba1be0879bd84da12bcdad0a4c9f3f9e

SHA256
14fd25a0f281702414ac8e46a02b2159f40b981844f56eb7929c0b9c24fda3ec

SHA512
c634cdc75a58d4d7324bf287db7de1f75c0043f8bf826e82bca5c07cb7fd419e30de932965a9e183ea3c89476ba71a465650857898052be2901d4fe737c0a59e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3f20b2eb20953be41be4314f1c88c724

SHA1
ecc40b68ba9051c99c7bc7e4dddc78e6ae146413

SHA256
572731acdc9d227d6e1fc4eb34eac0f309fd1690ee54d9f991124ea54b6ce91d

SHA512
a616bbaa0c2b6e56e8e71aed266a70230173b57f69c62b71fd6dc8819e7e114c8131ec176100c187234788d4d9029b0a979aa1a82711fc361fe78e35561d2b8a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
37a075b4114b76304a280b601dc68ebf

SHA1
5d404caa8f64f9ac6de9722c548037fd14175df8

SHA256
d50ed971bc5a2636966dab15289f97fb04f253e73804d19b91d4d7484660f273

SHA512
88fce0d18e3618be0ca22d7c9d20a828d8d15fd60d22ed0160952df5615a384e4d56c03f9231ea2a6217ccdc3cf91963dae41824bfe0513ae48168632c120df0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2cec895bbfff5f3d8fe16e1c43192393

SHA1
1aaeccaf5c5968e090bbd720cc3ed8ee9dbc1be8

SHA256
2d09b90a218df3116f5dcd32b8de7915f9713e0479bf463ffcb4fbcb3c0b56e5

SHA512
fdf069aa6bd8d2f9ac49fe4e15e7e939d76babb823372537e2df9b3b2b65b4890ac4344b065cd30b47b532d2f68066d364dc3ddd143b16a75ad33e1be3c5f299

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
90239c5ac48e7f589160d276d9e78d82

SHA1
1a020dca593d1541f841fb580ce1421e1efcd7f4

SHA256
cedb2e811c3ebbbdca7c865268216822da0b5332284b01728830e4ac5734400f

SHA512
aa16c187336fa1db1624b19008066a257dfc00bd33a8fb016c6565a3f03b91620d9a4fe07136d65f09db9b4dbb61257f0bc708f0bc1306fd3f0cfb4b01001961

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fac762ee82dcbedd1346552b518b9b96

SHA1
224aedd81358dfd0a64ab83d15f786bccbd45f9b

SHA256
3e2ebd5ebce3e64451252ac24807d5e34e6307c7e6df630f0768515e8182903d

SHA512
ac74a6491b919946c2697c4bb815e7cbc69ea0d79ee837d5b04d4ed5a5f8f7f9170026e21b86b8208e167dd09f349ec0bb4182c834453398630be1e540f602da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1c5e4339c241c800b3703e8c3b233bcb

SHA1
19245b8e9a34735f7369c529b8811b9985d2d6a9

SHA256
59e19ac1eb1cd8b0782b917ad8f29f76cac27fe86215639ee6575cac8481976d

SHA512
05887d304a68f0e05165e3e75a5f92b2b128db4d3986c9fc09ae4bebf212c647e89a1e4a0a09f629dfea6d11e8ae4185f59753674dfc5d8e0fa3c0b677d856a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dff3565126a45daa883365e227c64a85

SHA1
0948c75066509c114c859010677941a692677131

SHA256
9faf09dfe0314bdf072108bd0b490003d40e3d5c5b8dc52a0e90153c7772fa0c

SHA512
9874ce74ae16ba33e9daa96ccfa03df77cd7a1152fe078288d11961b3bd1780ee92d14598e0e90d936ec85c941e75f19f87aa7034d6c86f8942746d701676dd8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5fb33f9e1a2f9599f18ca047e4c629bd

SHA1
998730922bccfde460363aae86a92672bd94a930

SHA256
031a3af37734f0a56680ab7f96f55db9541bfd825441697ece22c8b7559b5705

SHA512
bd1d745f661a328179a07086f0f125550cabefffdd676a6f12a58c9352b390d7ac022c16d266de3812eec7256b210546b0cf5eeb67e5f0d5aa7c12e19f862c55

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2685.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2687.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2729.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit