5aac23352bca61132ebf34bb070adf9ce5eb548a20df78afe297a8e4708099b9

Analysis

max time kernel
121s
max time network
127s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
27/06/2024, 04:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

149f354af47e620ff92fce8f70a4e2d2_JaffaCakes118.html
Size

19KB
MD5

149f354af47e620ff92fce8f70a4e2d2
SHA1

a0ca37966cf90467050f53c5e9cd96ac604c8a70
SHA256

5aac23352bca61132ebf34bb070adf9ce5eb548a20df78afe297a8e4708099b9
SHA512

c85e64cfa9666da1668a94c08b5a7399e22f2d434bdc032517675431bae70c57175873c33a7c8cfb27cdd80db20b9d182b4551c94d0263022f067d8126627336
SSDEEP

384:HY7u6lKvo0lAtsdg6KrIaYj/aITHoZllFca+iYI8L:3lMtkSvuL

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "425623111"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C1A02C31-343A-11EF-B837-5AD7C7D11D06} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2444	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2444	iexplore.exe
2444	iexplore.exe
2872	IEXPLORE.EXE
2872	IEXPLORE.EXE
2872	IEXPLORE.EXE
2872	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2444 wrote to memory of 2872	2444	iexplore.exe	28
PID 2444 wrote to memory of 2872	2444	iexplore.exe	28
PID 2444 wrote to memory of 2872	2444	iexplore.exe	28
PID 2444 wrote to memory of 2872	2444	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\149f354af47e620ff92fce8f70a4e2d2_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2444
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2444 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2872

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
8feb8a545e449d11a9c5e23aaee5ddbc

SHA1
f77e8473d0919139a026c530042aae04452f0855

SHA256
f82e9b450a4eb381e4f17ec80d5a3bbd1c2494ed26d1d95dcb4d39629c940601

SHA512
35ee39d95672831c2189d5cf0f3950caaeabd495582f0a6da2f357f31377f9f8415402692350ef60a25fa80793d4ecd8c85649618ef5cae116c98cc11b9741fb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
73fe883c03160de4fda88d137d8cc41f

SHA1
ca750771c4f3b9ef51c662d8c6b8ee96f5bc4129

SHA256
5c6627418007aec3cc3e2ce0e1e6cee46ac06e1fce6415ed91c3b905bace3134

SHA512
aa7f4b41b678966d76a78be70378e9acf3b477820e90102c63b3dae70f321f3e65f8f72dde63a527f55652eca83ca16153a4a268588aea04d7b777e6557830a2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b5c1cde4e89354d1d8b2b698e6ac982c

SHA1
439b7549852e62703d574c733a9896c788edab21

SHA256
8b9f0742a016e16ef18cfb201c4850b29e86966c2e99e2ddd5cdccda1e6a5b86

SHA512
b1bb96df23b39450bd3c7741a0959b53a5fabccce2b7edc7458e9501c228ab440e28a4dea8470769da769ab467851a278f737ce6f9e58c0281ced164e5652df8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1517fd670480410b45d1f22c79ab5370

SHA1
f17b171c6cb3de8ed1d321b9c51e842642cf891f

SHA256
cc62b7e970fbfe9a37f15b2540b64bc49f3a4c6d8de7199dc819c55d39798fba

SHA512
6958b9228d733aa1398fd1c540f962947563dd75c5646079bfc8d7ba2c428ae57779f04a1d25cd7d2748f67d3539a5656eec175c6921f00da1c4eb596f5c8fb9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4a59ef41ea58fa5956d1a8cc7f3c9f9c

SHA1
7b1bc58a99a56a2d5a9cb2568e57c6caad0e7640

SHA256
b61630e1fcc34a55bdfbb67f097432bfe4ad78883a762b16ece1005c5986665c

SHA512
580827e22492360529b7685e4ff810f65212aa685a7ac5d46157c5169ec717ac1752b44c614fba73b88735730d71e4f410d9d8e80671553f418fdaec6b200d69

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0cf0ca4221896b251257a2b9af799ddf

SHA1
d457286f00b59e681b2b09ff7cc25b2f5e2c5405

SHA256
2288c42d539b425bcb5edc5030b9d2ed9108e4f4e3e29ba1177e6ad4f95fe2bc

SHA512
9f6b1fae3382bb3a7a4831ac038a759a2dab198001147184a9435cdfee39be03f918ab3944f3e5b229f7725ac990cd00b67e2fc2a426ceffc333a2a9eac34e04

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4534f8e17f0915dcf8a643a1a59f7998

SHA1
486ad978b8373c9393bbe7b602087020ef3a5ae5

SHA256
98458dc3890937e68c9167ebedc7be5d44e80169b16cc0fd28df1c52c34781ca

SHA512
3b881c0f243229fca1f9f67eb50560096f44eb9959b82235d33ffb15d902bf370ac0397d4e208399d95126475502e9da14d8106c43ad1f13bc8281ec079e99ab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
72ba0710409828bb37df6d247df4e589

SHA1
edc5c2fe8ff9732bf8452141d85a876a8844fda4

SHA256
3b8183dcf28c48ac9fb03b699761093f3bfe0c742009a03d1697173b6948965a

SHA512
19691facf37a37ea8e6ae910f58a3fec00bffbfed852147ff9858b7b1121abfcaeed8a6fc7f9c82320030b5e48b5b76e1fd0b69fb13f1a78dea18dfde7b28ad4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5a7b5028532c1fa40c4f1cde7c8033c1

SHA1
c0ed0a6613b31345980991d14e7baea615a299d1

SHA256
c081a699bbb92fd11c2595a4d7c662a9811a0a9176cf2c6532864cb36cdd0e04

SHA512
203c3d688e89acad316cba099ea0812f274619d524295096774f7b012a72878a6ddd295b1a984d1313cdbdd728fc51453e441345be1925a0853fb7a36695237c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5651b70142dfd444709a16fe5d60c618

SHA1
17bc5fd5cf776aa52a830a42d24743a26aa829d0

SHA256
2ade6fbeb8b0a086c6fc327a7a3a4b86d5bbcf0fd4b710010013e0add4ca0f96

SHA512
ebde0442c909958dca93f619dfc994304fe45f3163f004488160d3e8b5d42c4a5f6668e76cca7d54f12de815c60206eeb3667a1177606ced17a4f365b5c83fab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
44a727f63b090e67c4725acd58073bd1

SHA1
66eb8351f53294b71de24c90bbee82832a890dd7

SHA256
f23046fb974d0a74e07498f95ec426750c992be7d8e11cbb7ca3763f7359b5cd

SHA512
f0e1ebec2c0bfc5fdf2a6617fcbc17d471bd1b7093ad7c5ee16a77225e2945771c855b4b66ee045f50eecc287ea4b9c654e59f63f21ce8328ca17ec48f984fbd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
14d9dd8e8ac9fce22833897a03aab9c4

SHA1
3a3f025442fafd0e79f2bda4517d1ea45503d111

SHA256
de0a76347036bd24219301e75b8d55778e039a613f1768b9a984f468961bcaa8

SHA512
13f8fc25540da60093d185194b0136f60643e6d80baba68e59f865eb37fc674becfe701838e472f94b62b1545763a43e5141e167b4cb7bb66fa70cd08e446151

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
46f04f72d6d82a63f537e26dce347faf

SHA1
bb628be1a2fa16a5ffb4c80c763d5e2c758df8d3

SHA256
c5a4bc18184818e7a3bb1ddf092165e17dfeb1c00628ec8896ad3537c32d3cba

SHA512
bbd510e0c6163abba4d69d9eb17da6a4229a36c1c9560ed699fefd76b5ad7715c55d974c2b77e02198229176e4f1843cd5f896190fd6d94dc51ac9cf2861b62f

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabCCF.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabDEA.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarCD0.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarDFE.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit