55ea23a6fe9fd5607555aea1f4580851d2d5feb70695243b25cb0e40fe52e61b

Analysis

max time kernel
150s
max time network
154s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
16-06-2024 06:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b21aea8a9089ac8fc880883157f5cd93_JaffaCakes118.html
Size

34KB
MD5

b21aea8a9089ac8fc880883157f5cd93
SHA1

e029be59520c050b2b078227e0371d1bbaa0ddb4
SHA256

55ea23a6fe9fd5607555aea1f4580851d2d5feb70695243b25cb0e40fe52e61b
SHA512

851ec0aab0dd2b4bd1cc514dbf3d2d450cfb7003dd65ae7f9957eb8a30364f9e49f79f943c00f049cb41fe4fde4f7f543a72f524a22272a9ad8075560a4ddd7b
SSDEEP

192:uwbxb5nXSnQjxn5Q/+nQieFNnKnQOkEntuQnQTbnFnQOggcwqYRcwqYBcwqYQxXY:bQ/rkNj5xXT+fFewkXTy

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 31 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424680723"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9697FD51-2BA8-11EF-9A64-5214A1CF35EA} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2200	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2200	iexplore.exe
2200	iexplore.exe
1724	IEXPLORE.EXE
1724	IEXPLORE.EXE
1724	IEXPLORE.EXE
1724	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2200 wrote to memory of 1724	2200	iexplore.exe	28
PID 2200 wrote to memory of 1724	2200	iexplore.exe	28
PID 2200 wrote to memory of 1724	2200	iexplore.exe	28
PID 2200 wrote to memory of 1724	2200	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\b21aea8a9089ac8fc880883157f5cd93_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2200
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2200 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1724

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3ae04c4df1718de38bf7b7c2ec06ef48

SHA1
1e780986da432a5f4bf1a2e8a7936e25be56cc6f

SHA256
f0c670903b8e601739ecaf9e83e87f5dbb6176e1a484446e53112e065498d626

SHA512
6daee9b707adf9cc592c17cdb5b5638c7401854583a2b5f933c1c6473ce2e713278e334766f0d2cd42df7d8e24d231bcfa592ee4571e65c69f47d1beeaf8efa2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c4b0d27b325854118779786be69cbc89

SHA1
8c6582464ffe78d08c9873de9743b7debf6b8366

SHA256
c48e877bd552751d45169d5fb243fa3ada25584d092fde546fe890ac7202e7ee

SHA512
1e1ed8a9cded9cc2ae2db2c0340e110d1e5206bf8a11b424bc80a6c8590041ac0c97b86d2cd0f962cd035f23339d92452dd7f9e760c281e5d1bfbcf988ab321d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
862274ddd1e854b7905365e8a81ab1e7

SHA1
8cc8d169dd73863ae49b784e3cf772c57fd4bbf6

SHA256
8028d992a4c89a1507e512c264a2dca5dbea36d37c8c6d9576cca964afd65f9f

SHA512
60c3c45e565da19a8eb6d551c8acd873be70fcbe95bc74d08622e73b85d9fe3844160cb0f5acf88ae5c229fead9b3093144e5fa607cffb4ffcb0f12c9caa8a6f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
219622ad56030d295bc57f549a92bab2

SHA1
bf7329e573403d9e98d2deb1a9d6fd349d858457

SHA256
e6980754aa20d63ad6acf94c906edf2e03090273c7fbc000832bf9b7869c696c

SHA512
cc9cd1193f53b203c0bc4915b79e446856c795392223297c2d82ee7cd649cf9a3d952bd35aa193ca9a19f0388d106da30f8d1c4abd66b1ddde722bc193dc942f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e2598816795a65de9ef45f3e0fdf84a8

SHA1
b280324195c8a6782a2c9f5fc9e37ee3ee8c956a

SHA256
3dc0b43335fbb73af7bbd77cabad3f2479cc84d0d6e4cd5c81c426653dbfeeae

SHA512
e9b96e520eecfd6d5ccbc5df2283a5b5aae0ecfa738ebb73d6419adadb25ad368576243e0982a6e2f247dbc61e60bebb9b9dd83bed3d5c893bab38f0afcc00de

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a5d426c46d4d6da8bcab8c8ddad6c57b

SHA1
091d22bc012e6b2e8655a8233d812cd313b7a167

SHA256
b12e0889c419adf3991cf0bdb601c577ca6cbb69d8a71325842ca82b277a4f55

SHA512
40b92a48d73a4ec1b7240097b14782b9fae8e796aabf9423996b00f96eebe35ceaad69e1811c5d29dc2dee892f4c8bcf3c25c3d817650252f20f63c222451637

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d475627a1290ffc3112a17ebf0b993ee

SHA1
a0b5326fb865ec36e0f83bc92ef051b8cd5105fd

SHA256
75455630a7ae30273fb1ca891935c193e57636d1e0ae3c1f4ecd200d757e91eb

SHA512
346f64d5ee6223e00ba20d2f60ca6c00f46c542a4ababc8bd675861190d11828a1bfae7b079a979a645173eca8d0e6586e96cdba0baf5ed7b041ffa776aff815

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
da31e3602c456dfc0278909873a799c6

SHA1
85c4ec750dfc6ad6fca906b67caf156aa80334c5

SHA256
141aacfaef0c257b6a9dc796395afb78ced2091ed903b69699f70ef05f4fa8fa

SHA512
2d1f224cf6802c7f08215093360b0d7cf5b796cd5ee791b35a8dd4299f9da6a45ffc8b8a630ad1141c02a75d1f3c606e8adc70fe9a86856c7df070affcf9a632

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5410bb5ddd97a889bb34cc63ac00118b

SHA1
82db744fdfd9414dab24f00053a8c3ec70fa6632

SHA256
8af359f77f1ad1645c3f5b2e92dc7b220cb3d2a0bbb97bc211a9d7da08525668

SHA512
e2e5573f3176864547b2f7de2aec36e496a18c9491fe0e809611704a5bfcb3273c2e5686ff075b70e9bf60d04165a47f54a462e8ef572b95a41eeb0d222bec19

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
242d15a6d30a8d3208e0bc8f485496e2

SHA1
1c9dbe4ec374929c2c3eb9852a93e6cb4526dbef

SHA256
7bc1c0b0bd59525718bcb196a0d247557f1af03355b7a460247554b4f1c9213c

SHA512
ddad078defb41b3062fde28cf074f6ef58113ee2a4512b356dbab676f62ff46a5cd898ce28c06d4ba913a3247b698f2d4790394b08afc9cfbf9d12197cf5ec11

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab5504.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar55D3.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit