3aa93757341e9398549a6591e1646854d4de3c5583fd7f4165135b0bdf2c1181

Analysis

max time kernel
149s
max time network
151s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
03/06/2024, 23:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

92fb270d7f90e4230a0b7670ce6f2ace_JaffaCakes118.html
Size

26KB
MD5

92fb270d7f90e4230a0b7670ce6f2ace
SHA1

a5e3f7e39ee9efb69ed4bc38a57625b28ee26a20
SHA256

3aa93757341e9398549a6591e1646854d4de3c5583fd7f4165135b0bdf2c1181
SHA512

9aaa2a5b5bef279a0169d5c83264a84289bd7506d9fd17a0a8d2047e5494903629aa295ccb20d831b94fef0d18cee536d58ca102af86a2b001fee59e0ec5654e
SSDEEP

192:uq0v0XKM8Obb5nwOnQjxn5Q//nQie2NnFnQOkEntt1nQTbnhnQUCJVevo7NtpFoZ:n+Q/eygcKI4AM

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 31 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2EA5ACC1-2201-11EF-9340-6EAD7206CC74} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423619265"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1812	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1812	iexplore.exe
1812	iexplore.exe
3056	IEXPLORE.EXE
3056	IEXPLORE.EXE
3056	IEXPLORE.EXE
3056	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1812 wrote to memory of 3056	1812	iexplore.exe	28
PID 1812 wrote to memory of 3056	1812	iexplore.exe	28
PID 1812 wrote to memory of 3056	1812	iexplore.exe	28
PID 1812 wrote to memory of 3056	1812	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\92fb270d7f90e4230a0b7670ce6f2ace_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1812
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1812 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3056

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5f17d5a1f8f292d175e5cb06cfb4defd

SHA1
216128bb48b33d29478f11f70ea0f70b95adcde0

SHA256
d24b92cfb025f05313c35baf19b65779bb08a9540455b720bd4ba66b0868c057

SHA512
50fe7f176bce01c2b747a0f54660c34d0142870bd0d82a88583c776baec52787b2052567169d7bf939f6128bb109fcc63bda10a3d4914700ca81d8ecc9fe6cb3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dcc2ce3cb130c7c2b5bf1fd35cbe465c

SHA1
1cc96da27d5db067dc8b9fd09ef57ddf6cd6cd98

SHA256
28f20bedab15c13294f032418cfab07cbf6e572298c200ef46d6aae679f15d6b

SHA512
f8f22d70f80f4d7c70aa3e7d4eb8b2394acbed84575ed28e75b0adeea645c1cc67b6809c8d81e3e3a0cd94452371ed71935150d5c38e4ee2d0b4a13825149149

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5ab233ab2cf0a735dda09affa03e89f2

SHA1
ee2c24381fc18f4cbae92d349558809fbf78e878

SHA256
b03b87e0398d19ce2f090b341fa4ae7fde93dddea926de2d299e5b95aa806458

SHA512
4f22a9e72f7ad72fac4b55fb210be4bef6fa523918d5f62c46940acaf3133fa37d0245b9933f129f846a6118504836e5b117c9bfcd1a00fc03ede8212b01c293

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0446e6d37590223772a8246fea5ee97e

SHA1
f09db7ecdcdc4dc8fcf3240f4bf0a9beb655c57a

SHA256
bbb79c9158ebeb333a7e7b6f5931cf83b8bf4e9b115b29ba4188c2b395659dc0

SHA512
c23954a31de204e43405cfc5ca54b85f64346b8df42711f0925007c16cd9b45f5c2a8dcbcc2332d37db6b6ca8a476f2a2ed4a4db1a13ebb6230cb21380448176

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2bcdb5d5f9d3a2c60a5ea0a944f4a944

SHA1
a1ad2217d67c0ea16d34773676dfc9d1b5be1467

SHA256
2dee58cf184a59e401617c365be980a98dc33c24c169257f762c8b5ee0878870

SHA512
1a2a2b8d745bfd191c3bbdcbfb5626e4c8de4ec3267abcb059011e0c54cac8aedfaeb10909825acebfd510947095ab6684fec0204bc6cc3fdd338c64d9b64e3b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
65afe7d3403057d2e356662dcb46a86d

SHA1
e95e77a2e0c147665bd34f95870c6d62500887e9

SHA256
950479f62cc199d63a528068ef91c52f2cabff4569858ccc613f99d188539660

SHA512
3df55fea3207de399d30e42b4d427d0e5940703225b296cd6b370927e9598d4c7247fb619c839559703c58e922ea6ab2258ecdbf295454d5abe98b5ff3611613

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
16562cd716d6fb5f198d38119b0a1d16

SHA1
545e539f0734ead54b1c54347db2634591755c75

SHA256
a12423c7f09cdf9d4b0d760f48b778ed790de10d35e926c61aa2bf455c3c19e7

SHA512
f92a96e5cb9816ddb2dc84ab0a58bfe9a73f71d8cda1766743cd7d320342f2e36f9fd9cd580368b2d8db84ecde2b97ed478f29639fcde2d2751248fab0036b40

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7c1515cf96afb8cf2708554871368189

SHA1
ac4f8ffcf47b9a015ba20384584c89e130e8eac8

SHA256
debe6ef5e9654c30fd18c03885848898dda2d8f56047f6dc4c950f587a13fb21

SHA512
c1cc115117bd2a3e818909f251985e50441884c24d98a61480c77a5c9316bd8a3f444790dfcc8cc348cfe88ae5dc95fc9acfc5fb71707ec18fe4dc2339b9a8d3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3660e10cf15b298d5dcaababae7a781a

SHA1
1d9650178f59f7449c39a7ea125c8f92f51c5c3c

SHA256
6b295b67965c48e8152a51739fc7512be46f16dd6a2a00ec7c9b2b780933e584

SHA512
e2214da5c655995ff00748910bd46f6272b607b9477c28cd20b44a26f2cc018b8a59f55d51fe8de89e8c39d6d5d460c7bb007d9daba9f2a2066a0767550ef435

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1373.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1474.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit