hxxp://jafisport[.]com

Analysis

max time kernel
0s
max time network
147s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
09/01/2024, 13:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://jafisport.com

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 24 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{986D4541-AEF3-11EE-B432-EEC5CD00071E} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2136	iexplore.exe
2136	iexplore.exe
2708	IEXPLORE.EXE
2708	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2136 wrote to memory of 2708	2136	iexplore.exe	16
PID 2136 wrote to memory of 2708	2136	iexplore.exe	16
PID 2136 wrote to memory of 2708	2136	iexplore.exe	16
PID 2136 wrote to memory of 2708	2136	iexplore.exe	16

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://jafisport.com
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2136
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2136 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2708

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7fbfa34bcee7ab317a7a3ed2d0d5818d

SHA1
22569fd8bc5b4e333a1223e95270145a96a39481

SHA256
5f30941ca3f7547a5437c29d86c641fe7e271a398b43ecbbffd916d14c73b21b

SHA512
ebaaeb5ab24b29e981c38fccf445765655afa548db5751c21a02871606eb0dd711d7929991629c55daa4f77550a4bcacc756dfc8c6d27ca37b7c69a246105aa8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c1d9acfd0158e98d623f9b0bc51a25cf

SHA1
b70f835a6c03733f2544708bd7e7159983d92837

SHA256
5e4fc6d8e83f4d4be26446379df8cdc23fe71c01372e76ce5e72c451bae6dbe5

SHA512
551b1029463e9655b98e064cea948bcf054ca3758e30e810f32d9605ebc2c93ef3f3fbe648fa68f24fc5403d10efcfd97fe6cb5d7e76e2091fa839547f9061d0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1ad719f3262756048ef4ebae9ed664b5

SHA1
c271bd8d910e613b7b2f3dfc0be8178ab9bb6a0b

SHA256
06dec5c0543d230ce4688842c5a73b0780ca9f568a30e197eecea6eeb6e4e299

SHA512
914c857906b5bb53fdbe20518a53cd6533bf485c3783cfbc4574863ab9530d25b846e634593a79c68011cee59e0fb34939c432084ea253f09b6e6474e72b71ae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f737b5729ba186be59b24d7704e28a52

SHA1
b62cbebff1b26acd57b5f7af8d6b8e30ef5b6d2e

SHA256
761d33462cdfa091a3b47d76e2ef280d503dd939323ff644e2ec7d4455805d40

SHA512
4378ed9898499d754e57d3b0456cf8ea746436be1c4e142ab47c5b97bfc79cffecbabaafe4f8426a23742d2c220b1e8686de205834cc13495e2e1816c59e9961

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ae5dfbd876fc40f545bca544aa0c6a92

SHA1
d42f9615ca7516dc03df2b90aa9be95ccfff0fc0

SHA256
f899a9a7c6795af939452b9c751eac88f79baa5dadc0e1fb385a3ca0453fdea6

SHA512
d9fa950a203beec18575bda39b4da180cfc3ab2fc55f557d02801c743b96e36fda950bc2a796197c92275d9a2ffe3fe2155e0280d2b4edb6dacc7af2af678f00

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7ffa3615e942c4dd6e20c94c96706ace

SHA1
9ec3f38468b39c5b7738c6844d8c68a5e35139ae

SHA256
c18f7052ad634acc3649bc02fb50890749845f4e3a346e7f8537f6b8d5ff0b62

SHA512
94124b938ddcca043af637be2171ccf05267cc4c4a0a099abfd122021bfa0ebddde07da8e907967d47fabbac4047bf39a1fce2db44f9f97a1c447b058a3e75d2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8c759cf703c2604458c4b39b313a582a

SHA1
a89b952b74469045dfcade420cf706d110d82bb9

SHA256
a7a097e5a9fca6a28a7a3ce1b9135730a9afd71b66832c4358760fa49c889bda

SHA512
f40d57e4c80171bef6e005f9b277e36514b00b6820783de611c008a48a040ab45efc99ee4a32e215b0696ee11fb4c22a11b6990643426e1be9399b5daca30059

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
18c1f92cbad04db683a8805ce723c258

SHA1
6f9aa2cfb582dd2818daadc4952ea651effab76b

SHA256
30e44ef8aa1852d181e1f216d7f6a0c1df95ce3466ca437a2223a45e121af340

SHA512
0f2a93ed3663140e2211e831cc5f379f8852412b66301327501f66eea88b4543df29b4f3b0d9bfd1901845da2620e9f04921861edefbb36af847890d25069abe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a2df647c4eef665f2c2c56944606b44c

SHA1
250a505210548ee1e6b174e4167862cd0ee9f767

SHA256
ac7146e45d44938d61d8f6319ca060064d747520467b4194e2a81fc8c4ef1e11

SHA512
f423de7bfdc608568806d6ad2ffb8bdbf3b18a3c1f3c38eddde4258471655c11b1d23e34dce11cfbc775576fc5fbc6163f1ad2d51f34571412103461ba77007e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
43b3d205a7fd42f1879b35cdb3269e52

SHA1
02d368c1e63e11d51aadd6be57ced7937d3243c2

SHA256
002bb0412fe6ff84c8a93c2a8a1047e93725fc6c70cb85112151b81339217c9f

SHA512
9872d7ec558306c5c4c096344120862306d8c64de637b9fbbe3626a336b5e5669fbaab6b6e1af9899ec5fadefe2fdb80fc3dc7f40f61745e781bf56e82cdaf00

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6b24847d81650b6aaed907c8f99d87e9

SHA1
3ca9dad4a7aa05087cef4cb5073d05d7a079b607

SHA256
a692bb7d52b5939b9110e918ce9feb010f4b15eb8da0672109c8401a947c7b05

SHA512
cf463d242be0a51e9844807a4fe6de01f3ade66ed1935f54ec6334babcce7c62efa0921e91a417fb8ea255580596e7b80cadc2e76ead20f522ee2bc687bcd1ee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
20a517730cb0089e40d58263b8b5061a

SHA1
80855fb28c2ed192656f03373cf28bed69e03c61

SHA256
a033f5750f0b12ce8853c973a9bfbbf55486d4948f2ade5ed663c5847af1a642

SHA512
97e844af511fd55d6dc9677d6a38170b098d02dedaf5a5d428f3aa7eed8f52125a33bc7927b1cad0ef934e32cb072e98b4f88f03b56e63ddcde4b1cfbc9c289f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
241b476f6ece61e0c85041eb07de840a

SHA1
a8df3def753c97a32ecd40a7f2ad5ce74eaa8ef7

SHA256
8184d0849be12f11f00ff88cae03949baad7147656300fc53617fdc5160c097e

SHA512
489b122f6d627059c1309257e87a1ea88c1ecae6d1411c699edb0dc25cc0347ceed1235eb064729453ab31c3657508d4916de29ebbe1563ac9e953496d014e45

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a0d1d5652c40f353b0d917105d5400b0

SHA1
309034c4823d8cbeb1af70a6eab69101b1b4bd2a

SHA256
35953deac4ac0f78aa520d6af1db0759a46bc725dc8c3666ae7ab7a08ee14929

SHA512
ff88a80e14ac62205f22c3808a6a0e1756faf58e60f3547c6e8d27c49dcde1dab14e9accf091a72c32d14dbd0f8d5da50e97a7c65aea7364f8d7b0b54e4254fd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0792d8092cd9efbed5d2863eeb2ac132

SHA1
2a4227d2417ff3bb824a61f49f9387a084ea6c1c

SHA256
65b3c302ba72a0b2e8bd46f1aa7a50ccc27b7bd6568aa17092b29fdadeaac4e5

SHA512
aebeb29c6274616a65ad256745743445ac7edd52dbe9433c85368e9dbff7fd0c9c01dbab22d83ed10c17647a15ac7c7822f8ec53362f035219e0746a7f486b5a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5acffdbfd9b1f06e6dc4bd2363066c28

SHA1
8ca4272dd5cb4b0be6c421afa1bd50e42342e0d3

SHA256
6e91dc738c49cc5ed171b0958eb0c8130c0c10abd3afce6b91c7895a66a76473

SHA512
ea6ac3a55e6d3f3a13d621a682e06478760092d7fe0a449746344ad4f452992744a5ecebb5a41b04239af31fa010dce4747a062af2f6253e87f2d314a13518bd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1aba987d30e12628391bb0997db0d25c

SHA1
74a29aceea2d591e0b10c4d581b29988511d6305

SHA256
8ce2d68585f17969d91459da063804c45a5d72d00ac361ff7f8cc826ffd7080c

SHA512
43007930d7e70b007022d145e63ebd760624c55c8efa619984bff12a6213036e678aaea01e7b669043bc35c6454d500fccda337a8fc59fae3ff70d7e4a75d2a7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2b13dd33077a431aa1f5e32f9d6c054a

SHA1
80b4f95bf065c0db052d13d2e5551559346ab3c6

SHA256
14a184fff535cb1c50f23f681b3ab19aaa125bacf80f2b26c8849580daaf58d7

SHA512
9740cf7f5530df26ac8f332314380428852c15a630217114d29c03f6b3a6daa18e2c9cc753d77c1bdc1b2ade1ff648ebb722b03157a0f217aa5720b0955168d0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
46018fb4c8826144289cd1a2ffb59468

SHA1
5981fbfca44cf80dd6b1917799af61b56f0b4ee9

SHA256
50508ac18695a463ee2f06d280c1694c83a127255c76ff54fecfbb7077c8bb90

SHA512
6ad62150e045620a3b1fafd7eb12b4e020c60bbfa995817fc0340dafc192ea9751effb94ef44634ce3b9266252e6533a30690eea0cc5b4b38ea98f587c072a22

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab364F.tmp

Filesize
50KB

MD5
c3dcf0227682c07a7c529b72dfafae6f

SHA1
7370e917fabd38fafa02ee6b8ca835fb3defc6ba

SHA256
cf2b85bda32e9c02d4449d0153de447d7497299816d68b8f4388d5d52fb14068

SHA512
01d93eb8dbe776f2e88fded88bb4687f67677ddefcc25f02d4b993b0154c16ce54bba5beec53eddbeaddaefbd28b1609c4b878c2cae7736b8837a26719256fd5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar36DF.tmp

Filesize
21KB

MD5
c1c479201a6c631ad62459570336750e

SHA1
9fca7ea8376c2d62e1d363651131ce6a84093bd2

SHA256
9d736f3902667be8c7eb56512766d841c1aacd54696966c0c0568316e39ee16d

SHA512
20c9ec6d90094d6f34d64da732a272d514fcc0427b93d66bd93155a6886af85fdec5d78f5e747b09db4a45fe2c8d7d493f59ecebf9ed2a4dbf451d497795a6a8

Download Submit