6085a67c115ad9c67311acd260146dc8a32ce03bea2715dfa4bd31155117f04b

Analysis

max time kernel
121s
max time network
128s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
05-05-2024 03:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

15d3d04c92969645c3df25a7c4f08975_JaffaCakes118.html
Size

90KB
MD5

15d3d04c92969645c3df25a7c4f08975
SHA1

bd03b773c496acc4573c67baade8c083527ec553
SHA256

6085a67c115ad9c67311acd260146dc8a32ce03bea2715dfa4bd31155117f04b
SHA512

53a7a8e3758a9c2506fcd72fe9010b5717bf0b96cf68024242d0a2069485b74f45b2d4b787ccaf4313c2f6b7ebacda5474c8245cf93552a49191407c80e945f7
SSDEEP

1536:3GFbxFIatl073Eh9D5WJhh5wJHCTIwywdwzVVz32xOwzwsp7U9L:Cbtne3Eh9DsJPy5V53g7U9L

Score

6^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1644	2624	WerFault.exe	28

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B1F04D11-0A91-11EF-BC57-569FD5A164C1} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421042502"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2104	iexplore.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2104	iexplore.exe
2104	iexplore.exe
2624	IEXPLORE.EXE
2624	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2104 wrote to memory of 2624	2104	iexplore.exe	28
PID 2104 wrote to memory of 2624	2104	iexplore.exe	28
PID 2104 wrote to memory of 2624	2104	iexplore.exe	28
PID 2104 wrote to memory of 2624	2104	iexplore.exe	28
PID 2624 wrote to memory of 1644	2624	IEXPLORE.EXE	30
PID 2624 wrote to memory of 1644	2624	IEXPLORE.EXE	30
PID 2624 wrote to memory of 1644	2624	IEXPLORE.EXE	30
PID 2624 wrote to memory of 1644	2624	IEXPLORE.EXE	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\15d3d04c92969645c3df25a7c4f08975_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2104
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2104 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2624
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 3780
    3⤵
    - Program crash
    PID:1644

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90

Filesize
978B

MD5
068bffb1bcc37658e15e70c2abb29bd1

SHA1
bab14b4d02fd24c6f5eeffd2050e8f632f08cf93

SHA256
3be8156cba861e9ccb47101114c12f88477189d0ab5432ea131d7d5cb509e186

SHA512
30e697270f8dd85ebd0b1e2024f3d5ee96d38aea48def5df92e38ea745a414f92918ffe11c435eceace6db3f6c59d7653c160204dc69b73deaf10d8fb064f2e7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
60491e9ecc4e787f91e526b6c8ac702b

SHA1
d8099324c94b0df501cf0c1ee4ccb1b360a0f673

SHA256
cf8eddb4f965c7d690a15d2796ebd20b420f4c83a0d66141c8948ba4a5b90840

SHA512
e02470abe74f53926026e473dc717b42a1de721b6bdb933e7908516110b3d3f22b3fd3e5e2578d32de87e16f9f53350af2b7cd7272f9f22f55af420b6bdd2240

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3ab78dba7dac9f27d821c4187e6e10dc

SHA1
64e3585a78e77032f3ef5cd801959df8e06e1fbe

SHA256
c02e118e0e7818d75e6cb9c17c7e8e056b54fd6ef810e3d584035023e538790f

SHA512
c12ed1b94689c9c8fd9ce8036070af0f2867d3eb14ace747cee8ab79b292183b9f526633d8733881fddcbb9cddca5425161a6633c5d504de1430a394729b1770

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
276e0950614e7a3cabf2b0ee1ec32d69

SHA1
e81c61425169fffed8b4e72f71243e0f8d47eb7e

SHA256
375ddd3debe8bdf76f35d79efc5a2645c43f9277cef8b21cd303d8f89146dc68

SHA512
0439fe48b2f89f62d63447fce8cc5c7fc76a2869d6eb226cc3094018f46f8d6f8fdacddacf7664d38094f80f211db57b75ab6e8ab85561fbbec473ddf7066806

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
47eb05c307c3729bf767569e204c85bd

SHA1
87082df150048581349bf614bdd3dc66ed9ccf2b

SHA256
dec9a3872abac2647d1e6c728647e90cf83ca67d84c3355bfc507988cc719c93

SHA512
162b6b39cb0e18294e3e459f8b0de479450fd3963e754888e93fb9cd499a39c14b83133e317e97ecd3f83f7fd3849880f31c1e535ea0185971c4d1cd94073577

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
67ba4720f00ae8ee9c3eecd911b16b54

SHA1
45cfbc0e982aa051effe67b3a71f8010cff667a9

SHA256
2b09c75c36ce0a2c10b4e8ea3a924f56ce51b94af2d90ec5a34a319bba82154b

SHA512
295950fc05930a02cb0bdf26144138a951fc7236c188862c3441a0a830c83dddf47dcc28e72456b77ce75b45f50fbaf4dad43514f400b16c040733afaeccfb8f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4c7856290ba602d8158f2f9016d0c4c5

SHA1
3447ae38377d750ec0221bb1e21837f399a06e39

SHA256
3590e2c3f2ad97ff5773a4eb8485d792cef6518bdd66ff1166aae1a74147a563

SHA512
456940376e2e66b0e161a5993625c790b7687d102ac7f68ac359aa4f4bb1713c19ec9d00b4293b0394b6078b88a9598e32e77ab08dfe520f97865244e38803c5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
458c46d65e25fcfad626007c18689362

SHA1
10b1c1683755bc570ff3e8d747079e205c56aabc

SHA256
b3c8b2c27ebf0c0947944d5c0b1fe6aad12b6f66d37b49c6882bcd727622c7f5

SHA512
dc306fd2228de8168a7858189df9bb49fb603c5e54501626ef417d5165b8766a691d24c8f28b9d01d0e9c6ce750b4e89d6e9716d85d681a82de17a3a0d21d1f6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bce4bc5c2e3f7b91fbdcc02366323487

SHA1
3472b7acdf0b635ae86abdddefeeae2b2b3a3eb4

SHA256
d9f038ec6e2e8257e75aade6ce5f0b4b7076f8c811a8b177cb421dc328f5b07c

SHA512
0787694273ccd7768c8df6436e771ae2dadbf4a98cd9ee8a07ac5ea12134cfe36986cfc59f0cdcacc5130b9b26601577b752d60db69f543bde4724d0223df112

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
101f19ba04a1c0c84d801bfb417b0bd3

SHA1
35beb324a752502f173fbf57734ceed8b73a1758

SHA256
974fe400903bc84eacea24809d466c5ddb1d8ebb153eab3c61bebece8b3a644d

SHA512
7b291ad884ab2ab94e2cdc5058c1fe8da2c0e579f957819c70635324def213f8de03ab923ab0005e18d02eccf14a8bbaa6168278792ad49ccf623866a5335c05

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
54ce57a8ce07edfe2c6eeb46684bef88

SHA1
a3b8496cc3e3d0e94a602acd7d3b64d123fdfecb

SHA256
5668f1482e45875e4c2c2477f200e295dbf2116733b40f53e5e5e7d73d383915

SHA512
9aba9b92262a40e1af961c2d1932345c1cdf482b7f1c87ca13c6f9ae440abb1cfcfb12f5b21e5c2a4167959e9551ed9be30bae729aac11011e90ca2fd05af46b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
801ea539fec6291bdbebf546b51d020a

SHA1
5d3f4ecd5405e64717b3c6d1aa85d64779f6a092

SHA256
2589a10b835ff00ec42bbf03a602618508f9e37bc2e718643fc3fa69d09fb6d7

SHA512
c805661874bcba7796b7fb153bd1d6093621ea31ffc00a8a27a660f67197f3c7be52a2f80b7f15306966f61447b18bbe9cf6ba7a490042bfb07a7c167273864c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e8e49b44be6780e908975b4f797f049f

SHA1
a214caaa226b5fd563b255cd183a06ed07b2b5ea

SHA256
b1217ad9014a58e6888c81d26dbde68600b0b6dd3f90b4b46df4ad09abd23eb0

SHA512
d66477107004117684d91443c0ad278c139e8a375a1b939c2e363227413bf80457939ce9fb747c98f629c88cd20a5cebf0d5c33d11dc3d18420224eb6e22855c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
c6b9894f892e10fb146847386664b293

SHA1
eb1613824c76e2fd69b92637761555a001b2d190

SHA256
3a237ac736a50eb924d6ccc1e28ff4d314f9a1c266615996ce8d471d1afb300b

SHA512
b24e641f20dd24e944996cb02c5ab77d3f4c8df3a7a3081ad002d5fec418fa49ef5eb27946731ca978f22d34946e2295e4e3b7ec6acdf65cafca3ca34bc3f876

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ZQLLOZN\css[1].css

Filesize
972B

MD5
3c50d5bd0eab56afa223d3ad177859db

SHA1
0647ea59ec724d19d95d55864d437f5ff859183d

SHA256
610c1b2c92a60ca56e43aeb8e6809777edb0befc76afdd789821ea3dbb9cf4d6

SHA512
9742f2af25c95448b648cbc35fd50cbbf0dd19de1d28a6dbb0ca9143448757e86e24a842b82f7f705b4aaa6617d5fcb250c36dd596b708f6fc97390cf9f31b85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ZQLLOZN\css[2].css

Filesize
1KB

MD5
09cf233d1589f5010ccb55336acfd5a9

SHA1
6141c5482039f73882eacee7849b580e2f697b3e

SHA256
fb9b899fda0b7eb50488eab5a65b1459f2871a487782417ded78a50cfb0b3616

SHA512
c47c359a3194bbeb01766e658c575e6321dfedace3fb45be7280a95cbae1998c17852f82ac4950fbab37440439e1b8635c30ad28613b756ddd0329da17785188

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab24B2.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar25A3.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit