59eefa248b996ca182765330d7d689409e1a1440fafb2a57681110c1a61da0c7

Analysis

max time kernel
150s
max time network
146s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10/06/2024, 13:47

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

9ade5a1fb2dd05a31599e7afb1889b5a_JaffaCakes118.html
Size

27KB
MD5

9ade5a1fb2dd05a31599e7afb1889b5a
SHA1

ec0e77990d5b75c2550bee5f4b0ae65a2cd51d4a
SHA256

59eefa248b996ca182765330d7d689409e1a1440fafb2a57681110c1a61da0c7
SHA512

b1170d821ac905da5c905a2c5294d563847b9787903f5f51d7f5863f5b228753a49ffb715be03f3cf2de7b95754d22ce2028b24f2080ae30a3544934ee73fc99
SSDEEP

192:uwzkb5nC+nQjxn5Q/1nQiegNnOnQOkEntbfnQTbn5nQ9eWkm60FcOQl7MBAqnYnL:fQ/Cr8ycpSKVn

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 31 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424189097"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{EDD71241-272F-11EF-9C59-EAAAC4CFEF2E} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2004	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2004	iexplore.exe
2004	iexplore.exe
2308	IEXPLORE.EXE
2308	IEXPLORE.EXE
2308	IEXPLORE.EXE
2308	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2004 wrote to memory of 2308	2004	iexplore.exe	28
PID 2004 wrote to memory of 2308	2004	iexplore.exe	28
PID 2004 wrote to memory of 2308	2004	iexplore.exe	28
PID 2004 wrote to memory of 2308	2004	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\9ade5a1fb2dd05a31599e7afb1889b5a_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2004
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2004 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2308

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a66b48d2a4e66e5664d58f7d480b7b9d

SHA1
0ed78bbfc12c1532c693634ebd0fefdc4764a2e5

SHA256
62c380ebc4b5cc1c737226653294bd7af0dae9e1e5e671385b5a967111f402d6

SHA512
c70696419753f286d8cdaff3149b26f3b23a3264d430664fc04072a2a84175e8461a923572cd80fba6c836de85786d428db1399e4262842fc582fa418ece7878

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
48a1c443a007b26253ac0f17081304be

SHA1
a2d5d8f78c9adf6f44f7594f7d66c9bcfa2c0d83

SHA256
0d79313a03710880c84f3e97b4e5c36c089cd51c3c175eda2456692b327714ba

SHA512
264973cbeb8d04046f7bc1290b7b7f4eed4ebd176db3ab29d8751031d674e3f8690851b74ba0ec7108ead7048cdd9b6eb1774b96163712dd4e985bacead81fee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
82d423160314fc2bb9aab4353dcd4083

SHA1
9ce4f92f2701df8b3eecd85675f91b2cd8fcd02b

SHA256
78a8a92af882df56141c14be2793ccc2100c4d2d0c1aaedfcf578eeb93e9b388

SHA512
e7cce87ca3d2588793bc7be43576e289b7150db040d0c7c8fed0eb8a1b5c5e48fdc5b458403f625e6a4d92aaf846026210ba379a38e7556227c5b9d2967c604e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1cdc1f4c007ed111012e3bf391084dc0

SHA1
1ea1c3b7bc1c49d3801cdbb9f784b44f39f851e5

SHA256
68e75c25f9f3a656a87caf831c9a609335a80a6d9f88fca14758abf37c9d4efa

SHA512
7c30a022a2d24c391b6faa2963ea7234c2844e19fa9e2529048acb11de5ba61e57ed27d2c1f44f34f963b47292570e67ac0901be5c83ae8cf1f3cb57ad5a1681

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9b55a4bdbc2eae0723c87272c242de44

SHA1
1b74010d7a8fa13a46e3a62c34823217a4fd2955

SHA256
998354f413f8e19ee656a269b913bfd944ce771d08ad50fcf6ca11ddea893633

SHA512
c75cfb6704a8397a944de74b7b948ad44bed36a76c8e555c4705a7af321afa41566f4dc76b537f1950884905def444bba14b51b65e603a42122eb199e5373201

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
89c22af82ee7b43b8d054d111429cee6

SHA1
9ef93af86e70561a574e5040f515a65ee55b55bb

SHA256
63c228c9348c01c569e37249c02a02beb7586572709970837ab21814a2c5f975

SHA512
f60d6fa854445772d4ae4a1b5be9012b452bab230e6db2d968cf277d33b3ae62b5f2b74bab5917b41af0bb160edd76ac489f145d47062705529c5c040d3c2cfc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
34e69107650c241b79bca98cb1410ba8

SHA1
9cff0f2f6b2b0ed02fe73416c322f446d99a75c4

SHA256
641d52ba6510950471529698cfaa788f51352e82c037125aa0953e05def16e19

SHA512
ede6af1d9970f6eaa8ccaeaf36c89b5bfe8cd0608a895c6816a7d10cfaad448ddd09779c9c5ce3ebfed6dc56e3f5834585c1eedbf045ba02982381adf0c65f47

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1d4dc728cd69c0b07a803c1cf34063bc

SHA1
00a6416a2f1be97391faea32ba23f089fb5d529d

SHA256
ab6ca5d565b769d7cce74b72f877dfd4dd1a388697e95745517c0f72d2e4494b

SHA512
54385402486cff79bc8ea42c2dbc95c8d8c7a6f65a934f214cddb8b6c20fed5380b11c304273816300b1c693134b6c186e0fd24025870babb71adc58b08447e9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ebf94307692bca88058c8fd45c9e4aba

SHA1
168d5a4f2d61b863c7ceca4d8c67b1e844428680

SHA256
a0c27d4daaf6f2eff9194138379092f853cb9e7f5e03d830b05cec7c3c08c75b

SHA512
2af9921a4301ed044bc04a48532f9da1e8c17345c5243aece80c3cef13a78140a917f8c823c608188b297a5fef9ebc38c6c0977748a11663e2ac584736426df4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2aeba596a462673ae977eb2050c2d849

SHA1
dac6cfc68cc1063a956d6a3cc96543683b105c27

SHA256
8631d7d92d53509406b60490340558663b3f50d4ae4ea1d1b81e299ddbe3861c

SHA512
717bb4bad1a9b0f082df0c9819e0cbfaa32b16f9ba1b6b477a325ae139836be917fdd812045995ee5165186906a5a7a52e1af294bb8baeab6c1546f77ed163ce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
41efbdef6c04d615a1e8061c400145e9

SHA1
757c0a0e3b2e81101c55bc3759acb4954e732bfb

SHA256
699eec2747b48fa5b648f97089eb0f1a1627059fb53507e4faae97723b0f7de8

SHA512
5db9100d51df16e5281bff206b8e0dfe7303b06756a87ac600543a0e4eb764b94e0a20070dbdf48560e05a3df6fd47fbe9f3cafddedbc7a17f464543a64f0b5e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2921d8c4e288441b19fd872af5bcf1e8

SHA1
024482c01444e8900185563a59ad540aafc39d41

SHA256
997e3dc1581f63ff6f8f0fe013ab82affa9b1b6c2ed8f2d41c8840548055dae3

SHA512
e546232946adf10b582364c745923f41ec7913679149f3a4bacd565f9dae656b3528ba52146893a406768ebe048129733fca373c5e3acb656c86388446f6f445

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab9677.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar9778.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit