20ab8c733a8501acbbad91e064dc9aa4ed519c076c20dc61b2d8d4524ef8221e

Analysis

max time kernel
149s
max time network
150s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
16/06/2024, 11:22

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

b33feb3d4370542869ef51a2dd9c7269_JaffaCakes118.html
Size

118KB
MD5

b33feb3d4370542869ef51a2dd9c7269
SHA1

0cfa20623f5b49dda8ed50335e82ab4280796cc0
SHA256

20ab8c733a8501acbbad91e064dc9aa4ed519c076c20dc61b2d8d4524ef8221e
SHA512

d96aabee8eb183bd41e4ddad20fa62d72546f63e2bb3d896de669c5a7f9967a4348f446039923860351adece84e2530bf40f547f352d57e95c3d56775bf5f18d
SSDEEP

1536:SRkkeyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBTOy9dGL:SWkeyfkMY+BES09JXAnyrZalI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 33 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B651BF81-2BD2-11EF-9302-CE03E2754020} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424698815"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2464	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2464	iexplore.exe
2464	iexplore.exe
1304	IEXPLORE.EXE
1304	IEXPLORE.EXE
1304	IEXPLORE.EXE
1304	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2464 wrote to memory of 1304	2464	iexplore.exe	28
PID 2464 wrote to memory of 1304	2464	iexplore.exe	28
PID 2464 wrote to memory of 1304	2464	iexplore.exe	28
PID 2464 wrote to memory of 1304	2464	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\b33feb3d4370542869ef51a2dd9c7269_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2464
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2464 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1304

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
eddf04a91c6ead78a9742170169ba821

SHA1
d3a78f91363971f56c58fbce32fed7cf0ec7db87

SHA256
9a991e8b755faf02fe90871ca1338b5213e2861209f080988a63648ed7b6ac27

SHA512
fe8e2fc2496367076cfc1269bd3a9bd9bb9760338fe725583935e764593fa531801b8e3a293fc30a88a2b7b80c7fc2164dce8117107accbec36095853a416e7a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
10e6da85d156c6ff68e485b6cd9efd5e

SHA1
b0875bd2199ddd044cf8a903df7aa28fd977b3ae

SHA256
4be2701e9fe47be76078c3e5fb06dac2e3d57445ad50294f2d42c310f2b91a34

SHA512
5c1202d010f64cd2951781b3aedb05bad70244f7d0397a95091af7eb19691a7ff5a86b6617278cd142f48ac28c44ed98c8ce7ed865834aeeecbe105fa80f76da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
70b4d7683967073a4fa4038e9d3c96a7

SHA1
d960d7c667f7d35b3b35bef57154f74db88c7669

SHA256
7c0811edead45369b7eb03ce1dba5c7fa8f3a1a47bd325b6e159b13494b0ba15

SHA512
936ac1f4fbc32f378b2194d524c5d14734ebbf74831fe722688de5b64d898ba77a72755b8e891ccfc77bed46b55db332afbb1a48b929cef0cb588888edfe7c03

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
046c02213bac7f0a7e169ac930eab291

SHA1
a8cd7b498c124cfdc86b6e32cbbc590b609639f0

SHA256
0d7cbb1f14dde293c26393efa9db02bb41865b0b5defe12b6fe3d1fa390dcc72

SHA512
83b72239c184dd6d4707204f31203a4b9659f6122ea0602a874dd55a89ba868dd91fb3354dafe5d598a32eb7eefaf1004fbd3ff01c4ac37f5f3fb827495c2fc6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7b0e17ab7730bd592978f3f382a366ec

SHA1
a24ec8b4431720a4e2ed2e0a4efa9490615e72ae

SHA256
2b149739f1928990b8ceec38b797eb0bb65930a3dcd2dc807ef4d734fd65f007

SHA512
ac38d8ffec45f9f9355525a3186c0c1579a0dccb915ee6e1dd7eaf17228fafb0d0e08937413e2f7eae60a40afb8f6ebcf9b6bfbb3524bd61e55574a298e31d76

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
462822253555c1c96204d3e1c505251a

SHA1
335a9d33cfebedd08b2ca833601d39c7c0170b9f

SHA256
9494a4946344242230bf7208bc604b05e11136565fe43a50ccac4c5c2f7b26c6

SHA512
c87067b1f72025b1ad0df9b0a159e11084cbeb961d71d12f63da985521e967189403e4d8c0610ceeab04f95455fb1fca3efabc82d024215d2df0c547704b24cf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7cc13cc244f0effbf1e9d4543c07b9f1

SHA1
991fd5c0695ad37ad6d4574e8f41888308c232dc

SHA256
2795e72f1fdb61bb554ca8fb5c9d405befc750024b9fa8dfbf447240380dfa9b

SHA512
2b89f4e332975da60b9713b9551f8cfb85d3625788d4288616624430a78ccfabcb805e7e67038095a06b1ce663a44d4fddf7dc1a6a37d31c2e8ce0bd3f58812a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0e2a43fdcbb1c02d5811c7ba3ed4151a

SHA1
a9b7ecdbc4ca57dc33df476f427cbfe20d14051d

SHA256
d380e4e50b40c9060c2210368b76aa45b1387506bc63cc6e0497263f220f90c5

SHA512
2de3d00224855b9fea6b24eacdbc9e68df5a4d78045a72d362fc7032da3c67846d30dd2bfd3b7183f73aab0111c6a022bfd7c0bf64cd9be5b24cc6319afc8922

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f402103c62fe3be11f532793bfff3002

SHA1
5ce6e80f670ff5340b66ceb009b795e01befa66c

SHA256
ed003d8db6ff80d6c91af662c0db03ab4176d714b96370277b2c33c52e50bd52

SHA512
e5fa48d2b8df9dbbd95802121235e423c51e533aa33efe4fa29b116642e222a9ebe14a3ae02a3dfa1a6512353fcceeac95221aeb062c4c085856bf639e68711d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
937cd6eeeedc487a14c43a1096cfe05d

SHA1
a93461cd755750a36c7e27e1da0428d787e068f0

SHA256
0ef3f081540ce3d9eddeed78ca70927b52b5b3f824ec4df205bbb5045f2caf87

SHA512
34e4500e4cb8b1a7a91c057043c3a98eecc97924bd5c7b1a417ad701ecc3efbe06432f0446e064b054f20b94ce034521fa0a43aa2dc725067ebb3057455d15ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab18D0.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar18D1.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit