1936dd85ad55cd48a51ad774ea8b40613a219f6f7b3fec019df080da134018a5

Analysis

max time kernel
118s
max time network
132s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
13-06-2024 06:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a448ec4a6f70269277efdfbf8d7218f5_JaffaCakes118.html
Size

357KB
MD5

a448ec4a6f70269277efdfbf8d7218f5
SHA1

d756836d5c3bec6a91114c535df17102670f6fc1
SHA256

1936dd85ad55cd48a51ad774ea8b40613a219f6f7b3fec019df080da134018a5
SHA512

343bc1e4bcd900fe3b47ab2c9b991584f853b3958da65b5df83750663b4c01e66348b1e2d0973a25795f8978ee32d032806c14ac112968c95cc4c7c050c149fe
SSDEEP

6144:SmrNkBW5lfgfSLpfPrrdXUiAcjRyQ/dc65VSjRyAENTcH5ENTckj:94MfgfSLpfTrdXUiAcjRyQ/dc65VSjRe

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424423306"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3E0C0681-2951-11EF-8F1B-D62A3499FE36} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2960	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2960	iexplore.exe
2960	iexplore.exe
2036	IEXPLORE.EXE
2036	IEXPLORE.EXE
2036	IEXPLORE.EXE
2036	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2960 wrote to memory of 2036	2960	iexplore.exe	28
PID 2960 wrote to memory of 2036	2960	iexplore.exe	28
PID 2960 wrote to memory of 2036	2960	iexplore.exe	28
PID 2960 wrote to memory of 2036	2960	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a448ec4a6f70269277efdfbf8d7218f5_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2960
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2960 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2036

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
11bfee3661cec0eb051d9b2e7599f9f0

SHA1
db1046efd42f659d79d5619ecd31eef7a261dbfa

SHA256
fbb243a243fd3dd58911b60f64fa266ccbcc887c4d863690ef29b74d259b2b62

SHA512
76706e2f74c05dbda36c3436b69637c15b9b1d00ae105dd6b54a0c0a059aae1ddc992320c2c4d0083d74f4e99c648604570031280272c6c0e08f2120b72ef11f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7ece146a942244dea1756395e59e00c9

SHA1
9ac648a8a07c8fa112d9c210b487651974711d72

SHA256
7ebadd3eaa156522a039a2589a8dc354e23c1829916297d099b4423924a07325

SHA512
fef0bc3aaa7a033d84c27bd3655ae64139d5b570fc3feef0c6c4e8097345ac65f81cdedd29b846a70ac675725def6035f4ec0a250a832cdaec1023d7aa938378

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
57c521f0385aa0da446980552c552104

SHA1
9278be5d3e2ed709b8fa924fd94e964ba3403e08

SHA256
aa5a137132368e3959172051ce0eaaeabd9208bea391c473e799349f7033d188

SHA512
4ff373adc2bbab1a4c442c764fb34e1e4da032aebbf0c91d0ca81d1e058c00fa60fdcf86ae07422690e85431458ed0711063bb21bbd3ccd407ff7da9f62d6f0d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dd59cd42c6f31848220408e4bb002eab

SHA1
189ecdeacb8b1625da779991461ab8f2a6813bf3

SHA256
b984ff0d96acffb4e5a9d1d7d18c30a7249af41628f0f54d2073957a2c1afa4f

SHA512
87bdcc1821752c6c05306e9e2b1498218b289de868ae9984a23adb0621fd91ad57c23b94c4041f5c56c747470728051086f421b420ec3e90d47dc1a180f41d7f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4c5336e573fbd84afa4488e9df277280

SHA1
38c5673ba887dbadd7cdebb98d7b5248705662a9

SHA256
a3a5a774cb9b86cb27bd25a843a80560e7b8c7c74b4ea109f2c26d548cbe9902

SHA512
bee5ebda52ab9c1c6f258f26064a42d937127daf727e57ea7ad7436cfecca98bcaac69691719ebb6b25db5121bbf467a8b53d0bdf8fb84f1dace15b321edad6a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f87e8a74d9696ac3013c9c78e2969814

SHA1
2dbd7f93a9a4fd6b339f59839592b6620395356d

SHA256
8a83ef62c78f207258b90b69f2399e659c49aa815b5c9b161746382c9b83b033

SHA512
333b2a0fee07c2aef8db20ef7f3b9d63f5473e916237e54d8ca7236d695805dafccdea88eded65b106bdb8c037f30ea3f63ad6dc83d1f0b015624662a3305775

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6572976bde46f2dd2add194740379127

SHA1
f86e87f89d063386effeb73624b4267415587a96

SHA256
dae5318085e006ab4bbe1f75cfb734d20d833bb8706c0686ca159742e1f56916

SHA512
48b0586e5f88f9de1ab83019826773994b0fec61df8da95d4c51b0b582c3086f8fd26b85ef9642bbe7e5ed43f9c99210b81e085d62001d868f80ecd4b1f98caf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
33ee99b23dc32fc9d4515412773efbe3

SHA1
fdb162653ba00bd4b3f8636e758a19628f6f9fd8

SHA256
661b9ce23882640d604466a830752fbad6b3c2409f0b703e8201a1e618bc5e15

SHA512
9a4a38db7d1de8edea9e54cb84584988b24559230b45702ac09a2bbeea3750502e4e1097b257c47e25c8bc6e6742e22eca7abe090e1cd20ea67ad1fc5eabfd2e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
90b17e83f07fc3ae625fe780e6f08921

SHA1
f301dfe8e14ec942c1ed69a063f3047e0fb1df0a

SHA256
85aaed4495910337daa348cbd2172497ca538a5c696f7b009708cdc531fc9035

SHA512
8e0d16ffb78c702089ac1c7c7e31d4446d2de68682bc6a3738fa0e1fe6a8374bb4c8a8476fc9fda1b69d36536838c1dd86c6ccc4a057ac4416e940c85b2f800a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fd4e6921bbc4d305f03b03c9882bd929

SHA1
4ba16ae09d1f6d00caff54ebff47195c5440f645

SHA256
3d26b6a603a003ee1ce2d8619e800845e8890077bbd342b51711fc055161d60f

SHA512
da9448a4a46b08ba6fa944a61ebd515c6afe023dec8daa4ad3b0d97fe6792dcfff2b921e7550ccb813fdf260b7d2f5746b621ab9fe4f88e1b4ba135551c0013d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
160baf46ed08ada97bab08529afa76dd

SHA1
6d0a956b8abb53c906bde21ae8eb27a1bb1a6395

SHA256
704ec77cb897f8523b231479b678084dc2c84dfb629b19bd7105fb664bda6e70

SHA512
c4695fd85e5e860f997c840cf1df5a1c5c2c7d0266cd0b3f85e0be08c16d8fab83b42b936e0f9cc523b6056b04d884ddc4b14848b1819b3985a3cc99b7f7a96d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
957dcf0a8181f690c3723c0c8c9b77d9

SHA1
0d9346e9a44f507cf2854f74231b733a25fcc4ee

SHA256
f20346464da1c9f6a760ebc272d1b323fb47f01063d4474409e35c8053d6a20d

SHA512
5b59c252c422de90fe0715d57b64d33aa27d7dccb6eabe2f69401ac1b237969ab62c3f4d84e6c745f7a8635605310c88483dda4c59d5087b46f13ad7480946c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
209b4676f4c2fbf8aa5becbe45b21de0

SHA1
ef9ccd16aff87085100e958f6dba0e93b075af21

SHA256
5d5bf9cad2e6c4d61989728858814377cb7ba500e07a2cdf5967aea4d90df2bf

SHA512
48545769a7ebc650b08977abf4f020673e283c8040bb17d56866c728270415b20df988db1b5006470847b1f0df2225a823636ad2968eba6161721d82832a6192

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab6F85.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar6F98.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit