d204c6604b89e859a8c16a970479ddbafb8b72b9b9a42886bc739ac5db42b726

Analysis

max time kernel
121s
max time network
128s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
17/05/2024, 10:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4f7d0845f4f413e98eabbdcbcaf4ee73_JaffaCakes118.html
Size

51KB
MD5

4f7d0845f4f413e98eabbdcbcaf4ee73
SHA1

54ee9a37f404d93101a826990f39cf0f3096afa9
SHA256

d204c6604b89e859a8c16a970479ddbafb8b72b9b9a42886bc739ac5db42b726
SHA512

aa8b621d91de18af2f9f6bdd83cd4059d98aa055b2e1d28176afe2bedf799fde1fb2544f62d28d120a10b4c15c73f86fed454e9c702fb0c7d1c658b74e0a0baf
SSDEEP

1536:XC8axV5mI9pP6ssfcllEPzcEQQMRljV2o5WdeE1IErdv:S8axV5mI9pP0fOEPzcbRljV2F1IErdv

Score

6^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2196	2252	WerFault.exe	28

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F08142C1-1435-11EF-9542-4A4F109F65B0} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422102605"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2932	iexplore.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2932	iexplore.exe
2932	iexplore.exe
2252	IEXPLORE.EXE
2252	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2932 wrote to memory of 2252	2932	iexplore.exe	28
PID 2932 wrote to memory of 2252	2932	iexplore.exe	28
PID 2932 wrote to memory of 2252	2932	iexplore.exe	28
PID 2932 wrote to memory of 2252	2932	iexplore.exe	28
PID 2252 wrote to memory of 2196	2252	IEXPLORE.EXE	30
PID 2252 wrote to memory of 2196	2252	IEXPLORE.EXE	30
PID 2252 wrote to memory of 2196	2252	IEXPLORE.EXE	30
PID 2252 wrote to memory of 2196	2252	IEXPLORE.EXE	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\4f7d0845f4f413e98eabbdcbcaf4ee73_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2932
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2932 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2252
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 3044
    3⤵
    - Program crash
    PID:2196

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
bb1f81e49f0cce27f6d8bfc046f100fa

SHA1
18535bd768699d7f13b7e98ad5195a83755cc286

SHA256
5a678915f01625421742c7f57c7a7b712330a8eafe1a860805704c0fe68721f7

SHA512
b2ef078aadcda3272f9857a0eeb4b3b99acbc6e261fd764e68478c4ac635e595c1e319fd89f79fb4af8f37f30a1e0091bd9150e46aedf841d06c6cb2781356bd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4fe5d7d1307947df6b442c9a52f66ce8

SHA1
a7d7e2265635e3a1b1bef5f41c77fff8f5e8d0a0

SHA256
1a9153fbb9cff7620bedc15a491a0a8c52cc289dadce75a4057b4a8c8d12a574

SHA512
d011b176a27d7057be7770f3f066262603afcaa9b9177319ac0e335c0fbeccd5616cb824b84b1d0c46d5b6d203f554ef53e09382db9d36335498a90e00a0fae3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
23fccf63634cebf9e118e8b169c357b3

SHA1
dff7b7ceb26bb3b982df94b2039b5d2d188b6c97

SHA256
14d750dc653807cf3ba28330ba2f5b4c38c0aee713e8fa8327fd6c76bf5c56b8

SHA512
9044cf76f93b031c91d154b8ed404ea4272767d852a92bc857c04b54f4acd1d837fe23b325630d73f8e919c6a0c6b288a2611ca539c079cfa7dbdacd6c4509cf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6e0c37360dcd94faa14985e4f34074c3

SHA1
c2a8120610aa9687ea4effe052e6d363caeb1680

SHA256
1a952ad0a58d5d2f5d0afd96955eab84dbfe3975b79468b94e43b8a64a69b35c

SHA512
fe31ef71cce6156c6ae492e412f4a15bd0691327f58205efe71372c76387e56c189dc858809febe52cc88b71c3c379db0abd0c3586d99d6987a97791d272bac4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
45ac25f1bd8c5c88adc4641c28e09d53

SHA1
721cb8d747c3356fffbc4cc1264ca0419cb5e661

SHA256
adf7000cf930c49b5cef0e9ced2ccdafa2135dc4c827c3dacf2db1997382efa6

SHA512
fbbebb4647e4d8cbc78971b57848a5704e1672340e73b4f3f258ae39f308e3268bdd8a5e7583d039f67b72237088ec61168f26f92ccfe3534cf5cfd1fa2327fc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f0202c487b337ba3b30e1d77d9c1418c

SHA1
c2a52814a6fee607b7c08f4e33098282209ac130

SHA256
8a8c9856b365c318ea99c1883d9f8209473d47c0c03f0f39353b3ad6aa954f36

SHA512
c4a739c52b0af1889f9c3a7354120df1691f419dced673ee010775c60d2e8c4f375cbe03e90c0cffb7d7966d083b943be877b57c90ca67cb383ce01a60e00c92

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cd98d98d2387f578a29f2e4ddca9633a

SHA1
dd3865d7a06ed9ae3e4054d67bbae1b486533301

SHA256
67501f5e43a765d1474a948d405debf7a41fadc58fc2b047e7f052f7b54cae97

SHA512
6d030b742de96b583b932ae97b25ae327a2b95645c6d9a9639a2a67d85ba7c061697fff7339b2be8489fbdb7c733eb284a59ac3cc339672b7286a49e930182b4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b5cf9411d0e1989ae4fe68d10c8dc2d3

SHA1
f42a2de18d22d54351eb2720735554046b12d913

SHA256
92bbefb65a90b73960756d8229b9bb98dd0f33084c31090067abbcfc88a06bf9

SHA512
7f63651bac72e38878254b502f64244b1e8eef2b7eb348ac5d1f603be04d2b299d7c720df4a9931cb365564c8b7a475da2339da30a6766250c1f281c58e68b89

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d0f4ec8a8ceede16ab1f9d83717a1e81

SHA1
8a83aa054b2f8e13da385b41e9026fcc3391d84c

SHA256
5dc64bde29920b6afe459d7827b04df5561b71721336fbebc7e13543a91a182f

SHA512
86669566db26bd78ff74fccb21a5d5f6ab2555f3f2116be5d5bd398de11b91b11a3a442e734b8677730bcfdeb9d5efe10892f89f1f9f93898cece0ef55aa73f3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ff0bbc31c03093b709146d54ba14239e

SHA1
c76ee38a529f48768d05385c30400d50e0e447fa

SHA256
8a072ec16709e34aff3a6f837789548f7fdd4ef122b09abc3600506f785a772a

SHA512
fe2115da69d614bc6ad609b3fce9b5b1b1a5fffd27c751f1c67de12de9a837d00bb4b1923cef4622ce196b1275d4386cd404f47a7ed43e4c7bcc3b3ea838ccee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
a7f290cbd1ffbdbc7249b76675d4ffd7

SHA1
26bcc0f65c828eaa0f57192501f6f798b95d6eb6

SHA256
3e375f32b78a34fd2c38aa66ba0be8a885ec4a5f92ad4fe13fe92fe57dbb70e3

SHA512
f6b4ca2398494d2091fb1bbff1358da0e122589df16d292c3a7c6d4b862f156f5cf994a48b663367e6672a7f671a082c6f5e5db4ac5698e51ba6a889007af8a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EDQW9R5V\css[1].css

Filesize
1KB

MD5
51fa5610f5f5b507d0d238230ffed3de

SHA1
9b9911320d07a28f62a84d39c826673e74622097

SHA256
731f1f968488a5868cb841dd9c8a477299f6666d647133731d1037f690358dac

SHA512
ca2ae4cf79ccf6c66343edc783bf036065512d6097c1ecbd3465d959476fbdc3ca55409d89a370785ff9b80a51cb48e8e09d07b897bd63e0c4c556bf0cfa47ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1516.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1529.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar16D4.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit