2f7434d29122f81ceb52bfc8d3ad31c7c088c7221fd9358af6705c4142e81119

Analysis

max time kernel
118s
max time network
128s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
17/05/2024, 19:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

51355f0f901bc3ca7dd9757b1c88a251_JaffaCakes118.html
Size

31KB
MD5

51355f0f901bc3ca7dd9757b1c88a251
SHA1

c98e4ef7cf4e2f104934971f8e17cb4e576d2980
SHA256

2f7434d29122f81ceb52bfc8d3ad31c7c088c7221fd9358af6705c4142e81119
SHA512

d3831b0a1ae046198435cd23d9b2dc45a9751f8e95d8ed531118cd1a632c3dd6e1ea23e234026528d68d4d49eca5e5d2c1f2bdc6850e089117d59842e073ea0b
SSDEEP

768:SYJeiFvHxy2iTP7pEJrxdIfT01gxsnordJIDMzEjHu3CL2MCvT:SYgiFvHxy2XJrYfT01+sgdaDMzEjHu3r

Score

6^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3916	2148	WerFault.exe	28

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422137441"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0C64DD21-1487-11EF-BBEC-C662D38FA52F} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2460	iexplore.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2460	iexplore.exe
2460	iexplore.exe
2148	IEXPLORE.EXE
2148	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2460 wrote to memory of 2148	2460	iexplore.exe	28
PID 2460 wrote to memory of 2148	2460	iexplore.exe	28
PID 2460 wrote to memory of 2148	2460	iexplore.exe	28
PID 2460 wrote to memory of 2148	2460	iexplore.exe	28
PID 2148 wrote to memory of 3916	2148	IEXPLORE.EXE	30
PID 2148 wrote to memory of 3916	2148	IEXPLORE.EXE	30
PID 2148 wrote to memory of 3916	2148	IEXPLORE.EXE	30
PID 2148 wrote to memory of 3916	2148	IEXPLORE.EXE	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\51355f0f901bc3ca7dd9757b1c88a251_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2460
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2460 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2148
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2148 -s 3800
    3⤵
    - Program crash
    PID:3916

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894

Filesize
1KB

MD5
340e75bdf09a1a5611af271610fe3bea

SHA1
840d335fd70a44280b0c80c0f2483ea36f68972b

SHA256
b7419b4b5f1db0a60f6f61c94792e8b040190ddd3e311c4bbbf85bb633c91134

SHA512
262ff17260cd9fe1daf597c3a3178705ec8cae546a49eb57d1a2dbbe8fb2aaa96f169a68eab1ec9186b139f3f9cf732ab27504f789468eb765e063a94de13da4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

Filesize
230B

MD5
e89f8055af7f4c9adef71b72ac41e4d9

SHA1
bd692d168f6c7ea2832702cbf26af6ad0fc4c2ad

SHA256
8ffacc8128f1930dc298e6ef9ff53e83760c30182593c831f9ee2f71e8163925

SHA512
5944f975ec6e6780fe72fee45536c59ff0f085025e753b7c3b49d52499e42411e23484c6f9b1ae56f2ccae2c7f13ceba254b74a56655fade930b73843674a355

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a99f2e76f58084ff10221f443c806fb5

SHA1
bda9a4b01c69cd1e3999bebf463ff2150ed3aa61

SHA256
ef447e302e3dcc0109af9be281ff6c09f7e55efc64ed2b79a3f6a30aaf5a328a

SHA512
9f0509babb8dce3df36f511b16aa818e21f6d82a2333e3593f90e1091147f18847eeacffbff19fc48a721a9618360b3d86b0c6fa73733cc727a194350de76d9b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
36bfa64437ff79375d4e7f6c40c915c2

SHA1
ba55a628c98816ab843c783c4f6d35207afc10b0

SHA256
f9d9fa1323cf8adde90b18c6a401aebc299120f501d99e8d6817515ab36baa5d

SHA512
ef475550ef15d3acef3e46ae2ad81aa3564ed8a5b0eca5d59f8aebadb55ad247326d06f27f38cc0178f1448e5cf1981ba3ade4959b74ec5efb531207f68592d8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
484dcdf533fda224e10c832242dfa97c

SHA1
8ad16bff7b1775459f4ba3b7d3f815eb4a00e8c2

SHA256
e4e7891465429caf02f79c034b223e482903a5c6914d3a37c39ef94ba680afe2

SHA512
65a93b52746457d8b65ddd3f507dbb3c366ff689c3d1b514f84e5789efb20abf790bd4e765317dc8e4910f5b4eeb38598357a6a4d12d6114a6571c3de600351f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
06dae806f948872825d125f44f514358

SHA1
9ca91baf70e7e6c07292ad8ba5a21a8635ae5fed

SHA256
76307728f9171757926cecc9679b7815b861b42960de4f28be8fbd1a330f03c5

SHA512
6a6a5bc3de8e33f23828ee33b5d2846b03cc519676ab76653ae137ea059f52750b7919907e947c1d4e40ce40e0c0bd4fc097269ecf5500042827e113dda4adb7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b2a849a66634cbe85b4404cbf018ed4d

SHA1
7a0b6a44a26941f4711061ecdaa1276ea74df727

SHA256
86fd438a62eb4eb0aef05ea2211b0e8cd5c60246e7848c3ad7bfd88231d3ec66

SHA512
40fc21138bfbf41500207c07fdebf788f38f3c8171bdc4a4876c566005d0fc5b9a1e034201d2628071176a0f1f65ac59e94bada21468a4782a0f925e1fb11ecf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
aeb4a4bcc2739d19cfd6a50359df9e0d

SHA1
a1c8ce6579782e0b6337546d4674be4d37ad636a

SHA256
b1b8251c0cb9b3c88645c11639a5c35164410957286b9dfff616bb5b4df08194

SHA512
20a87ffc2463496b28caa230109f94de6a9c603600c3c9a55e12639c63bce87047308d99b7298232eaf07728151d77f3b5df881d487c9e2329044b887270dfda

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4560117e192bb64f0a5669d4a9282907

SHA1
2e00fb10ce917e75e54a15969366de2506951d25

SHA256
fd4ef7b5692a5b97d8e00ab354bed8e883f92258f24758b75e51a5eb5543e4df

SHA512
9412f87a6cf97347eaa9307b78797dc678146efdab26d5f39846287dbb40ec9214c1f2ba3d0579a6acd552fd44b679839282638bba62a9e6c9e9efbd5e4e5d25

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
22cdd75d02e7386f9e059ea763d6d82f

SHA1
621476781a0abf7fad8f1360230803fb96fb7f71

SHA256
bb178126313e1f2b17c88de60382f22a3f4f703046a04576a246bba58e587ab0

SHA512
0c8a6aa256538d6978a1f9d252595af8e72fec076aa3051e8383a85e5998f3c243455b36a0ac7898e0d953d31f42cbc32db181aeef1959fdbbeacf2cc965eef3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
304709292e426c4562206f09c9a16052

SHA1
b666ca50590cc0a7b8717ed6535a51ad34209220

SHA256
d90890529127b3b2a117bcb16caa311d1e4844d37a3b951ed122ee8094650f24

SHA512
b187a44289cc6a27c080c0dac1479c87b5c76c0d9d8c046583f0b69215f0644b7ca601db39bfb4756eb54a7cb2f63db8ce4fd6b30234d261cb23ee5128722a83

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
931aaf34f30577e7da4496a6b4c9b2d7

SHA1
8bba1563211c06db12555e482cecc2cc18db6258

SHA256
9dc3cd4070669df65ff098011b2c7445532bc7f78fee114a2a82466534efc2cb

SHA512
5de1b71948e9ae605abe96fff4f3c09de699ea4536e0bd2a1ad9ed5cd6b9d87bd1bfe0b4febdef745a6dc4a7e7a3ae741ea7a3b3d641204af137ef9b5c0f5ec3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3f1f14acf0ba7da8b95adb9d3a19d389

SHA1
b71074f745c587db2a5a34e4927b1ec686ec284d

SHA256
0d0ef6729d27f71ba09b87caa95921f89000e6de8bfc12388c3198a57baa71ad

SHA512
506f3194b2fa9dfb36d1ceb25dac3622d3e2c42ad25364e215100cd058ce37627714fc86dd0acff26433fa9ed2ed5addc99f754b5ddb3548812bc5c49be070eb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
17c9d9a89b6bb5b2e631f9ebb46bd5e7

SHA1
5d2ffbc74922012428fe4ca49ef4f3de4d8ed783

SHA256
4c1922cafab844927326c6ffba1c6437ce7853527fa076d8c25864f3a394c581

SHA512
1c442d6e998f1378a5148a7361a5d0dca4e775291c87f0a18e97d5eb104cc1b13dcd49d6de38aa7aa9e822574494d08c3aaf8f00d18d862548e9a3e5431dd448

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9b3309848c1efec794e73af148376f95

SHA1
d9ce4451b7f9df473c936d5836782576604fdce6

SHA256
f0d699df523ea62580be2eaaaa894050a83a499d82cf82da7b819cdc39cdb252

SHA512
850ea28015936c44e7839dad4cab1fa88532c34b3604505b10c94ed7f961ae8a626d21fc389de7328ff1696a3c38d768d81b6454ccf8da99ce3b556be313103e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5237d8ee478a161baa5348a3faa2784d

SHA1
6ec9cb2792a325f8d0f2d31352d7c54494b4552d

SHA256
9030dcdf2067cd4e6ad2593e9834533c07a69e861230c5f9d730c7fc118279a6

SHA512
6be550447072988a82d54b2cc5b8bccabe92d0aa6b718df2cfd1a0513cc990085109bdbe5e1055f9d384923efcd935af7a78c0ed97bc5278b5e1d414d427ef63

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62

Filesize
458B

MD5
7301ad81b3a85915bc59b401e61f80f6

SHA1
800e7c22a016e77978bba5427955d74368ee312b

SHA256
f5d77ff0dd0c5e71906324a402fbed80e657a8fe6c634f8cdcae2fbfb4c543ca

SHA512
eb54307e76d975ababa65e51915e042c89b9ba7fe990bf88c317cbab1a7ca0d28501769753acd6ec8d5133911421e24da2fb9f4d0f0ca263f19e3ebe09f1a740

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894

Filesize
432B

MD5
7716e2d671521330a343efbfc7d9ae46

SHA1
dbaafcc9619587987490e9072df0d55017f43b9f

SHA256
89783a43f9b887eae005b947d47036b625cb28830ef9efe72cacf0e038359ea9

SHA512
1e4ed99fad7d9ad2318da18326a8155674077ceeef721d610d1899788e0c127839eb4123e86ffc6891fc13426737f67604188882efcc84b5324b517a56166b83

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894

Filesize
432B

MD5
f1379ca59fa382c67db7d7883e3165aa

SHA1
3f461abe77584bca512e805b6c7f61715d2db43f

SHA256
1cef9e3128895c7cdc9174ff55975007f06ca576da920b50ec84d4db212e662c

SHA512
3f963683342960b94d25db2d5ed765bf6c80c26c6762a0b7172206f803f9717f16dd26c2338e7ec74560afb3b6f3e3f27eae7dbc13682cc282c4683054b3023c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2010.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2033.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit