a9406d922656c85297bb8b8d32a9a2e09e41259f5ef91cf3fe06110ae845c72c

Analysis

max time kernel
150s
max time network
143s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
16/06/2024, 07:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b2493812a5897f0b35283efe389dda17_JaffaCakes118.html
Size

24KB
MD5

b2493812a5897f0b35283efe389dda17
SHA1

a8ae3983b087a6ec8530194b58184f57ed991448
SHA256

a9406d922656c85297bb8b8d32a9a2e09e41259f5ef91cf3fe06110ae845c72c
SHA512

895a6482b85df573cd6e0c90410a25bac87513042ec6f891455bd148c7ef477e8c05d62b9b46df38d281ae9298aaf13cef0a5a7e203064fb74f5107a614f61ca
SSDEEP

192:uqN7HRb5nW7unQjxn5Q/fnQieZNnWnQOkEntFYnQTbn75nQeCJVevo7NtIFo+NzB:nIQ/TygcnnBk

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 31 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424683693"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{80C54DA1-2BAF-11EF-968C-FEBBC6272832} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1672	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1672	iexplore.exe
1672	iexplore.exe
2100	IEXPLORE.EXE
2100	IEXPLORE.EXE
2100	IEXPLORE.EXE
2100	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1672 wrote to memory of 2100	1672	iexplore.exe	28
PID 1672 wrote to memory of 2100	1672	iexplore.exe	28
PID 1672 wrote to memory of 2100	1672	iexplore.exe	28
PID 1672 wrote to memory of 2100	1672	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\b2493812a5897f0b35283efe389dda17_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1672
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1672 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2100

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a87d77346175bbeffa3f1eb2d11c213d

SHA1
06b4b99bfdf3f8e28b147d904c726ac855a18a70

SHA256
f4958fb421c36a46f899eda69fddb6045441673f4a416b2781457eb375436bdc

SHA512
ef84fe581ce9b5e964b058e559981998307fa28105db11fde1659eb8145905de874a68760c27f02b38a963e3c18725410429a0fb3938d5d4c0e5cee161ca3bce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7c9679b1ea86ea1cd3253166d4fef013

SHA1
0fd76cb49fde137b94c8e4201771a1cc61b45484

SHA256
1ec331e69c8b14766fb31a6a6584031bd5aeec7881f731651979c47719b79cc9

SHA512
af73600ad854e97987b8c4dcc5cd691598cf882dfb35529581af906c847d3120143365e091c23a3c8293bbea569d8f93c5d16c9e27485b9641571ac7114ff6ab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
83cfd1928b8debc0b1c2822c0f4b725a

SHA1
36435559cda539a9f9591e79e75601bcbc214f31

SHA256
1bffccf27a8943acd23fedbf1a64d39dec8d58f7650d7ae5d4c1612843b275c4

SHA512
b03859c08ba73ef7c4a1471fd744e388580b627cd01f18793d88e592aa6a9158da6e78e8616772310f7fc6bc565a9cc197b618ae8022f67dc9cecee7c3319e16

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8796f7fb853646a20c2d6fdcaec376ea

SHA1
d8660e5b926354c46ff26ccc84265134b9ce0378

SHA256
e1033946d1d32899f028df0b7292fb506dc4dd695cb45ff3d7eb33a1ed27c592

SHA512
6599e8e3fb8460cf32da6e15ff68b0c15aba99bc48b7b992e76e73844c27889f6f58a08db369b6b9cd1cc301da2d6eac383932c0d6a3641b7ebd676c60c16673

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b0fbba53088c0d9f7632b82a1638ef66

SHA1
32a18cd8cecc10811079d9655e7e7a826314fdaf

SHA256
3633a2c802746f8550ee2aa8b1b703b734ee808f962658c44570a1044a22d0df

SHA512
f7def5e85c7eea6995a22186534a97efabc2e78b810b0d23da4d896824911c963c4f0e5c42e0f1bcafa5936499aa338fe2bbf8444225359c3ea7406175b97966

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a43945304048e03e79ca4fdbb4f8c335

SHA1
e5a78150ed4ee2ace30ad81794a15a9c9ccebde7

SHA256
52a880d2fa26a71538ad193f650431af29f707caae9aebe415d95cdb04a34777

SHA512
cab4c61a5be65114afa8d572762f2a4c36f62e2a4faae7fd73180d7bcf68ede21b6663d31778c62fe381ff55a2cb760213e48af3102eade06048f47cabe1d2c6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fe43f88e9d52317c80dd4cb97e490fd3

SHA1
524b1ae681999408dcb4dae16c2a00fe0ca245d2

SHA256
7f4d8744537d07377f1a63b486ff80976a50b871ef25e63fe4b14c4c46c729f5

SHA512
20f1277e803126d14a1a6669f2e576d06ac1d12ef8cbffc346fedadc2579464a646bc0dbbc91fc7393223aacbabfee81ded9b5882fe78028e0aaeb6f6b84b474

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2609f7f182989ee8e6e7bc2e780c7cdf

SHA1
b33d6f3cf24076d3e1f82e9a0fad36812eebc9e9

SHA256
37f8dc26cbd7a47d9a113b26f2364daf146cea623e7984e8ec3b0d3ffc34b430

SHA512
f658692ea1569c08a980ab18488535583bf27cfe3ced43f220c7821bd81483c23887889961fb6e9d0a24dd275360b6a1c842883f32efa80603de95d70010f4b3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2ed67a226f94c148e6d41252f534b686

SHA1
9ecab20baf1699ec6c61339ce8734490d5a8ba59

SHA256
ed9bae3ebbb97a703572ca84cecc5093a8566e7151ed1ee0a6c981fabaaf4a5e

SHA512
6550f0ce52cd628aca2e19da7b341674694ff3d893a2053a32e3b354ef9ef9779205c690ed5eff7174b3bf47964ba4978f3ffabf277073dc18329b2ef3119520

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab5F6F.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar601F.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit