3952fa80c1baf91671600c60a856c55af8b2909a31704b75d8f036cd74967940

Analysis

max time kernel
144s
max time network
145s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
13/07/2024, 11:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

416717ec150817489d685d9ba42da50e_JaffaCakes118.html
Size

67KB
MD5

416717ec150817489d685d9ba42da50e
SHA1

cc616848a7bfdce8b278ea593debb129308616f6
SHA256

3952fa80c1baf91671600c60a856c55af8b2909a31704b75d8f036cd74967940
SHA512

2a58ff6a77741e8bbef6a0ebcd832550d6e8b14d6f9273917095d69b87ede92f62a0c2250de7597fdfdfb104360f151cac2e4e51296d1f1fbc8ab295b9238364
SSDEEP

1536:LbkjQb8IdBqmwtoK2+EF9rCX7CesI0sKzTNl87wGJ/0C2nKm:ZdwmwtoKBW9rCX7Ce2sKzTNl87wGJ4Km

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "427030464"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{81632671-4107-11EF-80FD-52723B22090D} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2756	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2756	iexplore.exe
2756	iexplore.exe
2988	IEXPLORE.EXE
2988	IEXPLORE.EXE
2988	IEXPLORE.EXE
2988	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2756 wrote to memory of 2988	2756	iexplore.exe	30
PID 2756 wrote to memory of 2988	2756	iexplore.exe	30
PID 2756 wrote to memory of 2988	2756	iexplore.exe	30
PID 2756 wrote to memory of 2988	2756	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\416717ec150817489d685d9ba42da50e_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2756
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2756 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2988

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
854B

MD5
8d1040b12a663ca4ec7277cfc1ce44f0

SHA1
b27fd6bbde79ebdaee158211a71493e21838756b

SHA256
3086094d4198a5bbd12938b0d2d5f696c4dfc77e1eae820added346a59aa8727

SHA512
610c72970856ef7a316152253f7025ac11635078f1aea7b84641715813792374d2447b1002f1967d62b24073ee291b3e4f3da777b71216a30488a5d7b6103ac1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
9ff94afda3666993adda3790fc062545

SHA1
529216974f8078e537f3eae7b34db4b8c3a0416c

SHA256
9a974aae7415e505c5278c0cf0cda58788e555871dccb49fbab45ac09318c8e2

SHA512
0361decdad7bbbfb727c7719e0874237be3b935fc4328d51de63e39eb9a52c0e06bf44c21745703bca05189c7e4654dabf320f8a7c7ba35e5db5b2836be319ef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
170B

MD5
1387ed1fef146fa9fe8a5aa621a66638

SHA1
4d89eb9d44548838cb06686dd64c1fc5390562f1

SHA256
7a18fd67a120148c6a7cbeb1a80ee7168492f2ff8d5f6e4dbbd7c1a566f7771a

SHA512
0a750283f409536dc18ecfa2540caae53c6bb9e36db3b076accfdce16c8444b0f9740cde76d99df21de98afb52224e68f739a855dd2c658ced3ac29d1d0ffa83

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
6cbbe20c8fcb075d43642953edbf3ecf

SHA1
c89c9fcbfe67f067a9c01fcd5282d3da0340547f

SHA256
f4a8c1c6d2bfd0cfa161c6a0918898e7659502d038d69b9ed7c74b666316ada1

SHA512
0ccb8c7f8330066b736df714e6c4da72c48872d643ac7f6819d266e40042505ae260bf59ad09895953efe2784b0efedc8875988538e4b6d0c14041660e3d47a9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6DA548C7E5915679F87E910D6581DEF1_4ED7285A0D9F2F14F63E84BD08C45F97

Filesize
402B

MD5
0ec3dafa2d6b90b1a7ccb6f589c49fb4

SHA1
8dbba5d83f2a3b2a30bde470400c35e223ed08a3

SHA256
6d5b532261a08d8613740695a78d486110c4ef492a20d8f4d641aeeb6a942069

SHA512
68f8c30400470b3f71ded89d5dd03642c77a580d8b2fb6e3db58d068685052bb606541a8cc8d9c21f8c31deba9c8ab3323829b417c929c74218fb80bb94f1ce5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7852ce3adc550708eac79e2c2a5fb421

SHA1
24de40db11daeac21381ad3efdfafedaf5ce6cbe

SHA256
0cfc86be81952b0ef614f962e3ff3febdc6fcb8cc1a08730bc83702671c7e0a0

SHA512
e431ec7c332e26c1cd6433655964b4245bc49b89f0bb4e360ce002d47b4d4cff51a63b2a991f68951ed05c9a134be4b7bee03ca60a67673bf929dedf01caf5f7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6fd902237e328fce4222a631eb8fca97

SHA1
ba04b1670b3f840f5b9b833a7a1cc993f10c131d

SHA256
63db135dcd18e7b4b465f567d9f9201b64f6710837c8e4e87a79f3fbe593b331

SHA512
0ca82967bb56da9fc64462c2f83d3aea79989948a212adeb27ac18749d7a88286ab222ff65d5f84d95bcdca0ad560a85f94084ce00fff094419eb1215116f90a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d13fa2944692aed2d54696a939e44549

SHA1
07fb1ad8e84067cbeb7b3577fcf4d086ed23242c

SHA256
f8d868f6690dc3e24b0d7938cb01e81346515ca99ed9eefac3c9cb20aaeaac7e

SHA512
1edd10886086a053d736024f4ff803859a4ebf8138eb3c7e9c755f531c95ed874f0dedb6cbeee76ff2b445df6986a6349ff680b35fe287c54d82dfdd613a6854

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a2d31210c0591b17a5cd04c324d7b495

SHA1
6ce490c467753e04ecf5745ab7c7ddfe47925cb1

SHA256
4aacac58e40ce7b89632b073538021f4c73f108d88b39c0d1bf328da5c91511f

SHA512
e17829b03f75369942fd7af9bafc71de050ea004c60e2501eb1a4b8d40b97822e945af3cc6c6cabaf198756362cdfd3e5c7fa271a1d6bab1efacc6ca72eecd55

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7bf51fb95796a73cb8277be339aedc5a

SHA1
4b02ad9645d5fceb97cf1ca8ec34d0bbd75cb21a

SHA256
a589848fbe66d1213532cd699dcad2c8eba3863d79d0a402473807a359fe5013

SHA512
e7407deddaca07e0e81e04e67784cfa645ec689f2e2c8b1f9b114419b6e5312b4c472881c6d5ce0781fe67f013fffa62a9b8d0fe2a9ff35c315884868dc964ff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2858f3d4ba9e07f32036cbd76818914f

SHA1
b535288a60a7cca6cc1bb1fe79b0c735382b49b5

SHA256
48fab0297cfcfbbdf7d6b942cfc7bee55134335c6fc69a3db8188ba1f64ecd14

SHA512
5001d928c10867c6ed2bef35097e7d65ff9c9f97555a8c2b6c4faf9092f03089b77707621f6c353b026539a410a941e1a0682e321abbe89f4dbbbe1f18464414

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3563f07fda693693e0ebddad4a92a3ba

SHA1
ad3ee25c864253286027b791efc31e20d184b2ca

SHA256
98a1ae27955113056df1957d9afc93f9d7e73aa1f9e8adc4f83bde332cb3ae44

SHA512
19991905ef82a1d0a06261d8fc7764a0d65a4ac271e9c7660bf658109660712b93c33e392ae08b7aeb657c67bf24bfba05375621e92251714d173d1e75983ffc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9079cc2b5899d63e8dfb7bb651dd2d08

SHA1
df8f935b350d383558f2165b9a04c8e6d33e351c

SHA256
645171810fd3a29183a9651e628457c5b4489c5eec06a951b28cab00dc63332a

SHA512
e945524a351c609f73a97bb94d44754c1b0d8fe197c683e0a9e10ce75d0a371feeffd97baac232a4aa1733c7181584f6c382209290b7a3aefb3e74f593ebf0ae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
658b390cf6dc7f29fd4719cb016126fa

SHA1
5040b8a12db21d2e3279fdcb8617aac1fa26b235

SHA256
27685292e46757b21ad902735d14f3c1b3b74e412585d69788adced62877b27b

SHA512
36344d38c35b87d3fdaa030501d18d4ff8e026551e2e1118fdb98f04e8ea276001977dd35b980c6f36a36d79ba67b5b8fd669ce4503e9996b7c20de6feaa51a4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
09f33939f33e846c01dd1222c2e2960b

SHA1
86d77be1af905a7a620b91e7bb73493395959d20

SHA256
a443a153bfaaa35f36eab6e6005c2035f9983c3b47059ddc2917a0656f0a35c4

SHA512
bb687db2c71f14a54004bb75885d44a99a598caf00028fd6f0018121db98c7dc258505e32d775a9768c3202bd3f9b82f1aa4b45c4430ab36003c9de7c1109fe3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a00818999a730c826cab672e04906dd8

SHA1
d12ea99a0b7d77cb91e036169c731479c12f1728

SHA256
ac68bded8e9f2b58f6bd3576d45a785bafbfb7e745a100e0967118b14386e946

SHA512
9f6b623b92da0e1e929d12af3e677bcbdf8a520591e1a1d0b226df5b135e2d8c905653d03e3858110e119a6742c897b1afa2f3173efee755be636b530cdd5b60

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab736D.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar73BE.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit