15c4f8234c6a10f548f46cba583dc6c3f96ae1e876f0d5f47505439e818ce27c

Analysis

max time kernel
118s
max time network
133s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
15-06-2024 09:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

adc5ec7d632356d1899ebc8a228c26d7_JaffaCakes118.html
Size

20KB
MD5

adc5ec7d632356d1899ebc8a228c26d7
SHA1

9940f0405fc1276e454bfc521fe1bdb31418453f
SHA256

15c4f8234c6a10f548f46cba583dc6c3f96ae1e876f0d5f47505439e818ce27c
SHA512

5b8871bc9f810688c6353611f402ecc459c4582497bc407d71092befa778909b5900a1e07c9c95bdf9f4ed2678087a1197ae9d033f8929ba53dc49c176cc7620
SSDEEP

384:Qv3lW5BszjELBPfIMLOI/C1FpEiMFPR1JbAaEfELBmrSSCqdhFQHgzV9:Qv3iLBHIkOI/HHcaEf8BSCe7

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{14B5CC81-2AFA-11EF-AB87-5E4DB530A215} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c06f31ed06bfda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a8076000000000200000000001066000000010000200000004ab3ce7e8d34687e1fba164410c02787950c61c3e2621a8643548f72bceec610000000000e80000000020000200000008a41d13ac0137546fdf123c6fb56eac2e576379bedc81fdedd056446c721c6c32000000001216ff354cfa6483f8e21072ee486a18f4e8370695c73c7435b4659c5655da4400000004a682edc0eb1aadff593dc857221717d257bc887a5ea68d0fa2aad897eca780447731e585d7b722bd48d75bf4f4456e6f6393c55ae5f822aafea1ee88e15d51c	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a8076000000000200000000001066000000010000200000006281494d73bbb905d1467ff6b198160874b0dd5c425a789941a537f1f0ead61f000000000e8000000002000020000000b00d1ff1f200be06192ddb4212c36a6c1877f56d4bd0fdd23ed62888523039d590000000ac5e2ec696b7915421e6660b4bde6c3d01feda718d5a0d096182261c8db5aa8263e1e8c628434bfa6277220e33a65741f984985fcd7284d8903c03968f655af700e4d041afd64fcfa58fb4d9102d3b2078f2c934e26898054c0d402418762ae8d135fc6eecbf442da460a74ea4d3d30f9157da144004c26f6273cfd55a7c5f9b725d448f54641e7788b07b64fcffb11940000000603ae14ef08466b99c8381e04c5f18e77b02ce383bcfe945ac5a09160502afb2c85e540c7bc3ba83baf207d527fd120071c8f96bcab9019cc2d05b621994c3e7	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424605775"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2764	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2764	iexplore.exe
2764	iexplore.exe
3068	IEXPLORE.EXE
3068	IEXPLORE.EXE
3068	IEXPLORE.EXE
3068	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2764 wrote to memory of 3068	2764	iexplore.exe	28
PID 2764 wrote to memory of 3068	2764	iexplore.exe	28
PID 2764 wrote to memory of 3068	2764	iexplore.exe	28
PID 2764 wrote to memory of 3068	2764	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\adc5ec7d632356d1899ebc8a228c26d7_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2764
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2764 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3068

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4284db96a3cad2fc217b66aee60e586d

SHA1
b6c1fbb8c2daccb2e3d307416722df6f1f1be321

SHA256
97201f0f8bd0d286e2f8b28716eafee7f41b2e35870cbfcff82cc1688bb528f8

SHA512
953c4bc0e118b827e7ed2ca5acc9e0219dcd5d168bc1fb775992a9535ccdc5685ac154d8812a4ad50a46d5184151ddd2c095763f3886657576f054f8fb26561b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8d69c23b55f8ca9ae05524db75bb5683

SHA1
5291746fd92e44f74ad7a098a5a0badd1ce50384

SHA256
fe6917c877cd2174f6ed206716ef3fb66ced2106402de081a9f390a55826e417

SHA512
67817ee94ffcfff9545d04ab8b8dfd2e58e527a98246def7a4b1df53934322300a7a96c32c4b7bc69af5a37b261b249f1f2587f421aed898b09709213def799a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
00ec3bb88b1207eddd07bdf910c0877f

SHA1
30cc9756b4d91d3bcffb06bdaf7cad91d4f6395a

SHA256
1f492d62afc76c67a94433c0aee24a154596b0fc6469f477019369eb37472da2

SHA512
123b2883a4ed7e7d409b31ac832cab5d03e11ae2c0bc04830c8b44aa9c22fd070ccb5066b685a1cc1f95475df6e0790e45d013dcb481343158c0e98d40d3d41f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7d069c85b5294dd7de0e2a32c0419949

SHA1
b0702de797bc99ea55055b206e010a226372398f

SHA256
b92fe514f8c0cbf53bd5bf3627c2040d23c3ef5bae23822e375c5b6b7498f1e2

SHA512
612b562c720855ddd34e8bec5fb20ba016aa7cc2f8814e799168125e897bdf80fe2ce866b34a67147cc4effc342ee07efa55157abc0c270f6bdc630c7ab54093

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
df9fb087ea9b1a8819daf8f18d543f00

SHA1
0a838fac857bab75806dc3ad239c84b574feb24e

SHA256
57291712b8274df3d3bbef1c015c3c6602c483ce39726ce7d38d839605d586f5

SHA512
2846ed64dca4e49e87d60df86b8f29137e9b07ba3fd62b8789eee63bda9b2619eeaa4af655e55958c87b77b347e9f1b03e156c379eca943072d2a912e9b2d16f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
def602681a4eaf0c3d5c0bb6c6b8a7ea

SHA1
f846fb2f4ce20c304f9e51e67a379c9445e4b5b3

SHA256
31f9c1c527755d9e4e7e6c3b79dec362835082bf3d86c517e41f4e8d86c0553f

SHA512
4597841a9610f05e669ef886b7602fb1b312e5eaeec504d0c7ec272d343a42d8d376aa81203ad03439a3d6a4498eef0dbc47db2e68bcb34f8199c3a56e8ea182

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9a8f831b19abfcaba0b8bbbcb73efac9

SHA1
e94f01ee198aa9f15a0d47cea240c690a4ad3274

SHA256
3c9188511359aa058c0e071f58657b79d8b6014639c75de206f104bec93721f7

SHA512
8affd33ff308f92dcfb86fc2788689e3496ea27dc0bd71ce750e0331b0bcbc5fc69ee0ae0919a6d5e8c3d04dcf6d861beb3532e9c8b732b4b2ba7c396bd412ed

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e5ccde79423880ba1ba6239d8893073a

SHA1
681bc77a1dda36b469a94529a4388da2e8911ae6

SHA256
92393194f576ae43e8d4d4f94c30d7474cf240b0ff6a9988eb0d1cd57f8788de

SHA512
ba38b3ff158e5e87a43a534227f6d221803c9359e87fc72a2ee4c2dbd0745914008857232e2b87f98b3e7b4b2bb20a0b9a94bf7b5d41f4dfea8ec352f7b9f346

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7340341f7ddb153174b7a6eecf9dfbfe

SHA1
1ea82c7a5aa8660ba49b1838361a861f2b00ad72

SHA256
9acde57ea38b28251509a547083c48e328a1c7970eb6e3ba8e64350ffb7f5e6a

SHA512
5f57f8ac5edfc6391f4d8ee0692a4a41889409e698bbd49d5a6dbf43c72bda057b6b64038de9beda7e889ed8d889937ac48fe2717faac350468a6bd60f12f351

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
77b8a86d13f980b60a8c384e82dff08b

SHA1
4ab29ed1b14e590379151efe4648f0708945b10e

SHA256
3be367a8ea105745713216cde0fa1164a431b37d7bcc78b252b2e507eb13e88c

SHA512
be3be419cdf0bfef7a1c387b9ab4426be2552f711fa137a37d08bc9d398aa139a74424b5707f712f97e96c66955c0e86a58599aca767105d84c54b560faf820b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0ecad90c9e75f80c5c0b70f466bd96db

SHA1
25c2cdde80be0887818a247415a8ef5e853778e8

SHA256
e589835c40c8ca98be67d8476bde25019168dcf0a9eb20868e8d9f07540b4b0d

SHA512
e94addd715418b17383063f861e9f9f9fce36eb3d3d12fe17aeaf8aed42b1d8fa745d400304e5631652ceb9ad683de191997e609f79fcb6092ab6ab294e65bb2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
94c0cec5777c9e3e39afcdbc50f062a0

SHA1
cce5e177936c86449a1f26e448a376a9ab12eec7

SHA256
70fe58a21cb40575df827492ec6ed949cd8e425cc9f523f35bd6776de179f4b4

SHA512
6e1b679c58104f309988fb47825005c87ca2cc2375d957e94c91a57e9ad2aac67dab0893309c6927cc884e3f34d221611b96450b1c5185d6864930b2fd4a4214

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6874e1424332eabd535668f6f9a6d261

SHA1
120d198c6d3f8196586d384861a81d0c3162cb00

SHA256
223ae4c8fc367a974833fd96387ce9d6fdf1caef54752ae01781e02154c283fe

SHA512
47730bb02fcc0699fb2e607074b7741cd2971a9703a66ad6c0b17cc3370ac532acc5f009ed65d8fe6a8ac9c7b56ec67b882a71390db94939220648a8469a0c0e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab8586.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar8636.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit