1f7c14f2db7d07423020c31fba08afff5e945d362a61c167882d615e6cc24f0a

Analysis

max time kernel
149s
max time network
150s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
12/06/2024, 12:54

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

a0bd5d50ddae31f410ee017acd996a31_JaffaCakes118.html
Size

21KB
MD5

a0bd5d50ddae31f410ee017acd996a31
SHA1

55b432d659b7c23e145afd1bbc58d8294ec94a14
SHA256

1f7c14f2db7d07423020c31fba08afff5e945d362a61c167882d615e6cc24f0a
SHA512

5f29908fad3c2bb8710493d27044bf27a71a181f8a42318cd7ad8fd0e992b07bb410cb157c9118d45131d32d9ee69d5524e571785f2e9e681817c3ee704cd54e
SSDEEP

384:CJX8tqMVHVr6SW39MqL4wf3Zgnz0o10uutNfdxpJisOwcbt6xFWTFjXhKujSGTw0:CJX8tqMBJ6fNFL4wf3ZJo10Bzd/JisON

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E9C90461-28BA-11EF-9542-4A4F109F65B0} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424358740"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2380	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2380	iexplore.exe
2380	iexplore.exe
2012	IEXPLORE.EXE
2012	IEXPLORE.EXE
2012	IEXPLORE.EXE
2012	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2380 wrote to memory of 2012	2380	iexplore.exe	28
PID 2380 wrote to memory of 2012	2380	iexplore.exe	28
PID 2380 wrote to memory of 2012	2380	iexplore.exe	28
PID 2380 wrote to memory of 2012	2380	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a0bd5d50ddae31f410ee017acd996a31_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2380
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2380 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2012

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
fae042feeb3df44af99ec9e10be5c388

SHA1
fa68d76b83651b1f9227a457e9cc43b28e61fe09

SHA256
f2553db5c999ecc5b498f868391f9334b76ad54f0f38f88edfcfe1d0243af2b2

SHA512
dac46d84de15b48642ced91c40719095cc6e0eec9b9e69fee421b833dac8992209969ca506f07fb32b68a1bacb84be6a1eb6eabb50ed0a2ec909b5bc682c9843

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5d07960d754f7c13de5e637b751222fb

SHA1
a3225620bdf42e0f2800b7508cc686e8e991168c

SHA256
9f07d91818854d395248915b8c8d97695ed67ba3f45089fb1517969fbb486884

SHA512
b31d2808c193a985cf28b5bac9f2451889865f744dfe99bc11a1bd85fd3c7bd62a8c1bcb39eb78b9d04d749696e7a3f72c4d078531e7a156d8396420e0a2c869

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6ab0b99b7a4942533c39b505a500fb0a

SHA1
5eedac75a7dc7d4c7de7550cb5e6de5c3f66247e

SHA256
9d4aac6ea85563699fe8704ad4afeb0d50a63eba4fa138af0631003e521c8a37

SHA512
c429c33c9717ff7aa42b097d122039a9004aa262256af6953174b29e81748a4f48b560680379b492b5c86c670ae0985ebac4610e02c14b5d8e456dd365d99960

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
88c0e2cc098c829b96fb263daa7b95b2

SHA1
75ea4956ac147d15c3eaaaa8e04ee555d300c6a7

SHA256
03a1f9451271ae5a903b46c6f90d113e30402082b60f9aeb11786e3a68c8b573

SHA512
ed457cd91f541f9edf51d633febdcbe54d7d383a36bf04e1c8f63b5648144b375d4dbaedda83590d7d67ca46a8f2d9e58e1664dc35d54fa655f9fe1ff9d257ef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ec6e237272dd80fa7e1507e38d929209

SHA1
4ce7baf960b7d743597fe41e5b5b529f7abb0928

SHA256
43c6d566002cecff7a5bd34ad782a84808df707252f9c03f6e563295b21d9c91

SHA512
a0fcb27ec1b4d701784354482eaed0e72c0e2942df849ca7500b3e1d2091088c695ff646b9aaaf2c33e21f22684190c8c100bd7cc287e1ea239675796b4859f0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
acdae1e5df46df984e02491f950d6552

SHA1
74b67a2014448d9f839156386a7554cd3be1927f

SHA256
bced9621b289be099397435c9001a59df2900819ba6383fb4cadcfa62c749b29

SHA512
448bc798734a1201c1458c52ad964535f9e2d24c33987340e4f77f08345359f6dda3df15b3674c8f52d0c546d4d0cf94fb40d3383a2593fc0de11d372acca55c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2878cfdd63140748e4fea6d0152b29eb

SHA1
8fa79fe5281d6f7cf396e180066b90c79afcd0a6

SHA256
f8f39af9062a61eaa095fd8f3ac887910219c5f5e7901f9912882707b3f374b1

SHA512
f5826265be7e88c25a9b37f2ab216e3c4e30ee657771b0e87e1685ec19ae9e8649bf4a43a0c69e8248c6a08f3adc49b161332f70d9e96f936e16535342b6967d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c1b661e6d80d0b68b427029433b777a8

SHA1
a31f0a25fa8572f012edbc7048b707615009367a

SHA256
fb8f7e748352448d369fff2b13e932f33cc46ca863cb3b2eb5beac1794aa7ef3

SHA512
4f3c13dd772d7f480096cf85a7dc06b037cb461ea41afbae9f1ad9a924c29bb9b595f918ad2a6789404efc9f4d103df5cd32bd0f5ecb114268c0578bd76d2dbe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
40648fd5b2f0f3e8af21d1c9f669e0af

SHA1
fb9932225629df1fbb391da92f1576871a034d9c

SHA256
2894d14143671c87911afadbf7084e5ba55158db0b42d515a25266413fcc4847

SHA512
9ce568b0ff4924d3f44ade1a796dddc0dcdb13f2b0d3a918e2dace54c835edbc99b3b10da40134cc6be8e0f72c8166c83bd309cddf42465f7b453027fbe5b955

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
18599ade1607a9f36243060893253908

SHA1
9c2fb7c47fb2504999c46c2178fd68b655852157

SHA256
d126938faae96b469112075b19d4bbe19145e18a7870b99308ef070d1fa53da0

SHA512
0786bad0b4f8bf7770401e577a885ee749d72f6028d13a2b213f190675482b76229bf2e37ce61e3c8c8e0bce528421300e452a88a18dad11f1345933866a3221

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
807d6f3d34f7ee41052a611f4d41241d

SHA1
e99584b186dc76e606640c47192d548a725b8e10

SHA256
35705c59a8726e375b4c40f345e3279727d7b06535f16ba113fd60fb2cb30d30

SHA512
952d9b221ed7859a71ed8eb935c7046cfe8dc02116fd2bb51156e5b9997282963b1eba250b61e8b959deed2c37a541137e1fe86b571cb65429f385096393e4f8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
0f0aec3d4b9a38e30e83d9612dd491e2

SHA1
0cd143a9dae5349e73e33aa20f9830791252385a

SHA256
be3638f574c202ff51960724fca47fbb2eda3f0f515c29e61a4ac563a929a8a3

SHA512
23f8f0a9bcbbca5372ca4229c94f06f4900948f4e7f2d2633e258b10d23a1645b2da79b83b63d0eedebdd9ce1cfef0663bf0f721d2e52411c1929241248bda30

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1887.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit