4ee04f5569004ee018a64fd5383113094a3892a676ea451867c5b8ef96c857b1

Analysis

max time kernel
150s
max time network
154s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
10/07/2024, 03:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3335b3d61b151964b50e0fad71649f26_JaffaCakes118.html
Size

76KB
MD5

3335b3d61b151964b50e0fad71649f26
SHA1

c2441f8f8e800fe0115d92e8cccf3080412b1b68
SHA256

4ee04f5569004ee018a64fd5383113094a3892a676ea451867c5b8ef96c857b1
SHA512

ea4f210afe051b271ee4c8cf56bac9118d8286ee7ed2d8b45bcae418d85479bb7a7dcd51ce893135db6654e260fb91d3c42f500109d9065a6202495eec2dec92
SSDEEP

1536:d+5uO/aebBXGnVSldJYVPYaPmSuYDSzOlElMqkUm5xrIaWk/8:d+8EaebBX5dJYVPYaPmSuYDSzOlElMqz

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "426745598"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3FF52381-3E70-11EF-A251-667598992E52} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2780	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2780	iexplore.exe
2780	iexplore.exe
2248	IEXPLORE.EXE
2248	IEXPLORE.EXE
2248	IEXPLORE.EXE
2248	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2780 wrote to memory of 2248	2780	iexplore.exe	30
PID 2780 wrote to memory of 2248	2780	iexplore.exe	30
PID 2780 wrote to memory of 2248	2780	iexplore.exe	30
PID 2780 wrote to memory of 2248	2780	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\3335b3d61b151964b50e0fad71649f26_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2780
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2780 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2248

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
623f4be730bc24f849f24b406024dd7c

SHA1
8b7a8e59501a8067324a96bbafc7aec9425948cf

SHA256
885b0fba94cbc0cfcd1fc624a72e3ad707cdedacdc70925c8cb022f8c8c41802

SHA512
797f05fac52faaa54e6a414b7a5d5848d40c6dff9bd8cca8ea5b1dba90b55578a684b07e30df4f046e3117f7cb6e190aa9f5766d77b84ea653925453f8a4946b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fcba947047b405ffe00ca45be11004c7

SHA1
fa3601f904820b3d4300c88f22d876115291cbc5

SHA256
5800fdd1a5a085bd81fe06cf4bd06e3f824fc2e902282ee16491d689a1f87070

SHA512
4b650d547a53fd8e4dc2d0c1afad129145adafa52de9024bb0cce86d5c96849c2ec900f3d6d627cf037388b2f89d5eb6f3a7c4b1905386d0a74a32d9ff917cc8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a648e40fb9a36d6b6fc9f9b8d420b788

SHA1
25a0c3b4eb27831347a315989420f4f6afc6d323

SHA256
3820f0d3d9931e898b7df0452850de425f0a2d8dd5bc50ec101dc6a5a5c69349

SHA512
f7acfb88f2bbc892862595bd1a59dffae54810295e501666fbe967ecda09706126287e5a2bf8db6b31e7984fbc41b87e0346ac3eb4bfb4ccb54033f3c7aa8d72

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
13ebdf28c70a855ffe675d82b4c28a3b

SHA1
f1a8a40fb52a02f02941bcb557602dd683b2c3ce

SHA256
e09a3d6c4338e569150d371d29eb4d073972fa67e5cd980ca7b1ea9a6fdba23a

SHA512
f6b9b9719a9c986eb5163155b0e13f4c624388e55b746f0445293b73ef01b5c9e31b658dda9652cec44c0e535b60292d44e5dd04060307600f294660b77f9089

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
807c7f57c6731c0d6891df906b308ab6

SHA1
1fd61d57d14cee698eeda11060caf06d66567f5d

SHA256
f98d7569f36905ecf63f6bfed4ec5c3ef58f86daa1b97bbb394cca542388e8f0

SHA512
fac22872412fbdf231993e6156c2bf74f8aee32278ac57f3f47360c4ae6f1d802a513e556f941e5f8a2733dba9206971e282ee5980ddd7394e39bd3f9039d6a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
60aa11ff871e6a2adce91e3c45b183e6

SHA1
9f03c81259a3cca04072ae7245f12c8d2d3dd6c5

SHA256
ccf9d94bd7e7bdebd5e195ca70d2d7ad6e9421da7a90373295324213e1889224

SHA512
de0f3acbbe2b36f543c98e01ee3928c43d75ba5979b2cb16cb17eed5701df2adfb01410fadd7edc9def26339e3a2e55fce82c09ff7729d192eefa9e7b2089d75

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d1590dbb0097997d3539f58bf14e8a0a

SHA1
0b083cfd92321694cdeff59908d1dfd9da90d758

SHA256
3ceac77599f3dfe197ff8be2f452ca0e6197ae5fe83edc01ebd3b080e0114f8f

SHA512
3d5d6a08a3f18da53ead6b82c73ba687f7845d236ec4028e9143dbf0803c062970579a83c96af8d0f98888d87d0fbc3c421cd140d18f8592709aabc3e9acc397

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e385cf4562b2e0a98086fa3e460ffd79

SHA1
968a5606c9dcdfd30a80f99b8c19a75161657ed2

SHA256
17efeb7cbe5685ab75aad9d0b0bc20b686eab990f51de00c4a13e77f67440f9f

SHA512
1d83afdb78edbe601b33dea6aafb19f34fd0c2b0ff4f89bb6b8617677381e85cbf9f29a025c80cb3f9684340481ce7fd3ca095e578f9aa9eb2228b3ba98dfab5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
066099e5d99fc33846005c04d9583bc0

SHA1
350ec9122b00324c43c9fff21c7e7a63b45c13d7

SHA256
63001bd9e553f23a3f13fcbcf72e65bbff20018b9047145d452be84d8cea69fe

SHA512
d423f6b888371f4190bda4364f5b5052b75814537689a6b9d7a3055675505fb0075a5bf713cd57c09432ba28ec054ace2ba594bcc6c8eb3c5af71aa4a00f3305

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4b11959f2463e51053771e6a4a46e8ca

SHA1
d2592d5401a18e9285d145fea30841aa1652c1dc

SHA256
99c2110911d5cec39e18e840be3838ed95414c805da96c474682fb076f290c85

SHA512
c8ccffa2447e4b4501e0474f72a26bb28990088c56be6335b4a8c132c27f013c6c21bb0637092f8734d3f662b11606617154102c4eba3b6dd91b9e8f8c5315e0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9729232b68a73b53aa3b400aeca22ea0

SHA1
1b5a31459056f3368b547ddd2764d6f72f8cf213

SHA256
000f7fbd0fbaeee79b305cd0a0bb81f4962d2ca4a00406a50a774893e7e5026c

SHA512
bf654902330889c553eda6aa5a09d0a115d56d98e8d7369f15ba1fc35b149617f38c5b5f0c08204f029badc4b0addaaab94e9fc8263b94492c76ff3b6e37bc71

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabB79E.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarB85C.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit