5daa2ac0fa0d37c19816fbd02a53fe8ff2e01946414a29cf04bd89bf4e24e898

Analysis

max time kernel
149s
max time network
150s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
06/06/2024, 05:24

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

9a0a98e1e00422983f8a6ca0cf2b384c_JaffaCakes118.html
Size

43KB
MD5

9a0a98e1e00422983f8a6ca0cf2b384c
SHA1

d0114a27334913c265a936f94a38026a7b5cf27c
SHA256

5daa2ac0fa0d37c19816fbd02a53fe8ff2e01946414a29cf04bd89bf4e24e898
SHA512

32455d300be90177c8ba9e78c84a396a3b186e5dea7539a2a2c28015abd959001f446c3f1b8bb20d43d7b2969dfeab3d272fa57a58ffaad065b5dae27c02946f
SSDEEP

768:bI+vbG2+0MGi+vZGIikHhGRGXiOgOeGBGlGD1bvoTh9wt/wOenUG:s+vt+0U+v5ikH/iOgOUWtYOO

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{094D8721-23C5-11EF-92B8-52226696DE45} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423813332"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1636	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1636	iexplore.exe
1636	iexplore.exe
2480	IEXPLORE.EXE
2480	IEXPLORE.EXE
2480	IEXPLORE.EXE
2480	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1636 wrote to memory of 2480	1636	iexplore.exe	28
PID 1636 wrote to memory of 2480	1636	iexplore.exe	28
PID 1636 wrote to memory of 2480	1636	iexplore.exe	28
PID 1636 wrote to memory of 2480	1636	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\9a0a98e1e00422983f8a6ca0cf2b384c_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1636
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1636 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2480

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1f27455ab977b280e14f380ac30aa7c7

SHA1
aa057839dcc928821a07a53ee57cf0f4e2c438ab

SHA256
4a17056b1e83bd6a96b1f83c9c4ff1962e887b88d1311b8c3e2ff3a82d8322c5

SHA512
d4923568f27b81e0b056eabb5c12cb561b84f305897f1c7c05e39042345d1855f8d19967060212a576831c6babb1a2970c8b927edf722dd00368a784e24bbc24

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
20bc13351cbaec9e08b7db0f16f22105

SHA1
5e14d58d2106a6ecc1d93030ea10b9e3f4f9d1c8

SHA256
38b6077558997c8d30ae951987ad3f0501f567d53bb9a46d7a6935fa4688d177

SHA512
ff664594a2af21bc5b5001d7226aea796ce83ecacd9e2fbafe3e1b894898ac0c40240f0bc208c59e90a53a70d7bfded70e9f4cc8b448b87178069cb836f8157e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
31f1eae177926d5085e5e7d9ea0428f6

SHA1
69668e91aa211f768198c9856e7101f63c277c6f

SHA256
b59604ee1a3a992a5ae8987a490a0f1dfd550c504d3ca5bc1fbd5c8399ae2aea

SHA512
14925a948c96ec29dd39b03616eac21121dc315ef1d65a881c4571c35808851ff38fb2b42dcbf6d25f6a46e34b0f11172a614c217fa246879b48c9ad220a7ef7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d2146a73d27cfa8baa139b9ace10624a

SHA1
0505d68bfc14e783e149a5058ad9dce00af3b99a

SHA256
5d740e23cf2fae80bcca611ab1e0de642904bc124f7c94a6ad7dfced8cc0d072

SHA512
edb55fe03da6cc58d5be72744dcb7f9980be3549cd3558a14abac9cd20e18563a96a4b338934bd2ca2672fef02ec56f62bd1dc89b05a9ebd0e32d33dc43e2fbe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
53b032ba0dac0b1f45713544b8c7096e

SHA1
ba4e1391c64324eafa7a81ac300facb03665c1c9

SHA256
bdbc0ee6c01ce1b7edd6bfe2d30f4e388783eba990092fff17679ebba60d74f5

SHA512
5f7cc018c27ffd157c7b6afcea5a6d6e5dfc3f366e3c205a509c66116c9f94928d92fe4557c49426585fbe6671ee141b9f644a27429c11af077713be77d69107

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f0917bdc2b759bb0cb108ad8d2bc6190

SHA1
c620f423cd941dbfa27e8b2e709f9451cbe1800b

SHA256
5aa9928a3c1bf9061406019054aefe40738f621957bc6750efc5a7915b14969a

SHA512
f5aec6e3b61ae15ea8a3a8f100ccb23716bb1aa61ad2edccc7468df393612dc26c94850170bf6fee27bdc529ed91b99ca40ecf50f48ac8a93f228305f374c426

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0514c7fcf5cf6967c08ef00827590bcc

SHA1
8f451468fc2ca0d32514f2be21668da94a4a6a21

SHA256
266bd6ede535093cdfe8ba050aba4e621d91a15f26737f568decd1a60a183207

SHA512
ebdee8e474b30887d5b5032614506951d8d1a376530ddad34e0388fb42661fb8f08980356e53eebb01e763ed03f134949ca487f12177382254c87308f6e748ba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
27e17033ec2f78037a0a7cdf2a8fef2e

SHA1
58d2bd96723234cc71e3c7964e2ee6e967808e83

SHA256
399c0e4e0ac81ab0ddf44b8e67d30bbebccc3bc56c469538eba6ee17b125529f

SHA512
674913ffaf39bb7764c1bbb410bf8b86ff67c5d732fdfdf7d68330ba63fa06b922b62a9ff2d4937c11d6bccd35271a1b54cf82a6934730f83b4492e9725ad7f9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bc13ef292f90bf46013c5c75e7f9582d

SHA1
a6390b2794ad0af717bacc52ff1df8c3bcc995f8

SHA256
a9a3b56f05a0c87f6c8a604f671d3ac65a10a3b3985fb6267216a07624f1c516

SHA512
b21896abb47e218f998826199ed9e07302e3dcf75175ab40483ae82fb388e3b80fe648e4565b22d5e2bdee05aebb5a7a4abaf46e5c5870cd9ce3d1532a7e3882

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7d95df8b81b4b56ce9fe38707621f9d6

SHA1
f158be5bddeac8a48083ee8f5210dc37bd281bea

SHA256
c4751d65fcddd6049c1eecc5244180adf2d34fa98729a57825f2f6bb45839609

SHA512
abf38fa307e3d96bd96977557dfeb8a7b1158fbcdd84a179ba97832eb4213c0d65abb2f00f7c008d03abb35ec26d61db88009ec501325cad8083fcb8fa7055f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1B7E.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1C5B.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1C7F.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit