e55b1e21c7fc8c8874232f551edf10b3f080cd078885deae157af5dfa3eaf12a

Analysis

max time kernel
141s
max time network
144s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
21-05-2024 14:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

639eb6fcc55536ba18cca15e63711bad_JaffaCakes118.html
Size

404KB
MD5

639eb6fcc55536ba18cca15e63711bad
SHA1

3ebf2c45a24dcef41765984d7bbf7f9d45aa2cbc
SHA256

e55b1e21c7fc8c8874232f551edf10b3f080cd078885deae157af5dfa3eaf12a
SHA512

bdecaed41d37ea5d80ae29aedad5dace332fc9dc7f5799b43334429ae6bf88d3626c111a4fbc267c93e405120c73dc2f528bf49a9fc711f43908d5bebb0145df
SSDEEP

12288:LHzYS0w7RbgE3Q0g1IPt23rl/ZslohtKJ4Eel8BK:9RbgE3Q0g1IPt23rl/ZslohtFLCK

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422463656"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{93B45D61-177E-11EF-84C7-4637C9E50E53} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

1920 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

1920 iexplore.exe
1920 iexplore.exe
1636 IEXPLORE.EXE
1636 IEXPLORE.EXE
1636 IEXPLORE.EXE
1636 IEXPLORE.EXE

pid	process
1920	iexplore.exe

pid	process
1920	iexplore.exe
1920	iexplore.exe
1636	IEXPLORE.EXE
1636	IEXPLORE.EXE
1636	IEXPLORE.EXE
1636	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 1920 wrote to memory of 1636	1920	iexplore.exe	IEXPLORE.EXE
PID 1920 wrote to memory of 1636	1920	iexplore.exe	IEXPLORE.EXE
PID 1920 wrote to memory of 1636	1920	iexplore.exe	IEXPLORE.EXE
PID 1920 wrote to memory of 1636	1920	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\639eb6fcc55536ba18cca15e63711bad_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1920

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1920 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1636

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
df80f9ba75076db634761b6132e0d4e3

SHA1
07983946fb660752c7cccb2ef82d01ec4c9ecc5d

SHA256
d5ff96fd8b416de93a85783192206224cf8821c240cd8ff755f2e8270153dd99

SHA512
4ec734c5d29e9ce00b00e42b627253195e8c7a158433fedfcee428e692a6501981c33d7c8a39235f8b691f087145cdbe660b430493edbeedb12588c5cdd5a66a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_146E1E094E96F2D77E1CDA597BE74F14

Filesize
471B

MD5
94a4cab7519a2a076236b2e85d9c3f65

SHA1
fd1e001221d93e6939555fa794aa0a4c48c8576f

SHA256
b0cc65b35a29e774b1ddd729c8d7f535307e354e07ce48aff7b4452be95a6b40

SHA512
23451e6b6571e8c1c3442211b496e4895a786d2658ac7dbe97790530b3c824056f6447ec395f76573ca38b54bd47a0a98bc73e30ecdced43c50a5e506b3abd43

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
0d7695ec84d8c50df3c2a28c2cde9675

SHA1
0bdebd6ed7382b6fb6a52ac2c03a9a68f797791a

SHA256
dbea705dc0c890b8d7053a23a3f7a67fc9e3a367488d3434d374830ac9edc457

SHA512
1da59be5971a0512bebbacfb66e60919e4872e11e78997a0cf18a156384978697a802474764f7f033f87812135e30ca72c743c774ffa03d4c736b633babd0e2e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
a4c73e417e4fc8a65ed89a9f19a6b12d

SHA1
b3d6505171acb1931dd263359d8e4c419763164c

SHA256
45892ba85608071cd184d53849c695262a019c06e0d9a426639cf0bbbeb35d32

SHA512
5e79c8ca7114b91ebf4f625c131024138a0943f74c4211b5bfe1f8ffd76b93eec330511c906015ad2059f2fdacb8c16e2b7fba3dbf91766ffb1d40a008ec66a9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
31880be15dc8b22bc779f63d46852eb8

SHA1
c444b87b86a0a1a94344b1efca852ded18978482

SHA256
7c47ee2e55fd8e4b5b04c58510b9da4a1ea0f196a8b58a849f8d836c34acbb0c

SHA512
fa6c999c703e5463d8ad24b4b97a4f5fa4d389161ea6ee173d005f53293a85d969e0754dcdf66edc8a52ebab8b697a4bccac6d11cbcdee7267bf1b2ec08af7c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
29ca9774a52e0216d0a394d1776a7de4

SHA1
cddded077b661c4d06f2b499e2e822793cfc2cab

SHA256
38eda3dc399511e7a5c7663863cda72ce1ef41aa0981966959dbfa77dc2ff9c6

SHA512
1f5fe337ecc5f095ac50317d08f5c4764e68163a2e45f17c3d4ba58495bcc2d8b4ea54d4486e1621efc33db28141987b77ebec0a2d95873b1738cbf5d8a4104f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f74853621bfe4b0f582c2bf7dc1b3c41

SHA1
3fed248b34d47a254f93ede8d78cc9e9df28620e

SHA256
d53b94684f34e603e678628c112cac764a789cc6e332fd5ce0030450c13d2d1e

SHA512
6332dc2aef5cf8b87fe5d35271bc25aae26e00c1aff16387129f857713405b3c4e680c547c3e1fd07f8131f3340b1ccb8b16fa89b36c7bb351fe2b9c4a07593f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b48d9564e1475a602ab5f7d51b1fb46b

SHA1
f62b01a3ecaee8c2e6474c5d5de582215422c17f

SHA256
5d4cb36edc2f71ab058a9f85517948e00030cc1b0e4e67a4cac066d859b5b980

SHA512
b946b0db7f1c3434294e3157e2adbf7859ed30e94481c404d3cf5b79afbfbdd6539d00c16d8a1bc609effc1460db00a6973254f877f913f78600ec72d2bbcebb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
05a14ef8f8f2d80492f3a89179fc9398

SHA1
ba1e48b1946db8ebfd62dd663c5f575a160c138f

SHA256
3b62f9e7d21ec44317c4c8ecf4bbd601911217f39a3f73298ab73b53f77db4d8

SHA512
e66c65e1b945d3db69297f788c589f6abe2c16498934e3b30582ca60cc79713fc15009f65b1431ea261aae9dc5487a649574e75db2245174d7ad80ca9d25c59f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
25b665f00780eb8c738c9384fb6603b8

SHA1
afbb0e0ed16b1f7588c4ae93cb265715525fb81e

SHA256
357c5611ef3c32da48d7042aa7589429fa5c2ff984d9db76b734702548be61d2

SHA512
10edf03ad63ad5be63889216d3366d2bb8209f2a9b21c80c09c97db159e89c325c1b3585b307977e79a106534d99289b53a04b48f986144a4cbc8bf86eb91bf4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
90b3de94485f47a2f854b592eb734d88

SHA1
9886197190826cf2af45b1a6b5b01b7a58dceacf

SHA256
c21ddfa5ce2112eee8f8d7cf91cefb803e6ac4fdd69789e176f39fb825c10aeb

SHA512
512ea545423ec7be15ab9a616c2a6948183e1ed6fa915ec0378cbca4555a87025d1469f4fbbd6667adf05250982f6b6faf0012b2efc8bdfe540c51e7ffa6cdd1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c8ab6d45537ce0db46e1618d941980be

SHA1
815e49623cc9cf03ebd17b16942d8a4bd2f15dd4

SHA256
571ce1908117be98450df06e5a2314024f9abdc76e9f2f0890f7d740283cf2b5

SHA512
9dffe33c86bb42db4bc58cb79b71176a3a76a8d8bf4e54d33204464f95447c82062a1566c3ed190f02e81458f7ee7b6fe740f5829c08c93694cf95e6629599b0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
46d1577746b82e46002cd29eca16279e

SHA1
584ee072b66daf8d93e0bcbb5e1661b41d2cc5f1

SHA256
e4bec0362b13ca0f20e62d1e00d8988f12066ab686f71abd5d4b766bbc06a386

SHA512
d4f005db9ea17386b50e8c1f0710ed1f46a0661f00616783dbdb8f17892645bad4e416dd6293ea31380f4c9d24c95ee04be7d21aea277c929f88c7199a74e3f5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
77e89ccfa93c6b8ffe4cf2e6d502b96f

SHA1
74b889ce67590c62fc2d44e47454f2ccf03ccb64

SHA256
915b9fb9eb04322d80683049fb87b865dce74640e6d21d73fba8734195f7ecfa

SHA512
fc95ffb03bdf82e1529fcf1feb121dc4cf70833d979626470bc4cc3957717adee345a89ae9b15fd3469706d34d51202fe50684a76a428b271c6b9374ed7fd73b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
26db6c178c457bb1b7739f6260e74065

SHA1
76d9417978d5f5dfeb11935e1f5cb20028a10d6f

SHA256
f71213a54f6b553a9b81d7054eb14cf12301c9843083eb45af402c60d5228cd9

SHA512
393c61095bb00af6e76c41c151d50f73a73eca435cd948bd4bc04654b1f5b6b25ee3d235ce2dda8397c0d6c20621cb8d27d0991e8dffad77665a693adcac0638

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1d04fa0cd6accbf30f3f1748326bcc57

SHA1
8f710b53403d0cd7f091b2224a9c67f0bef9120b

SHA256
4d2cca646d5e01984802a006b63c4cd2872d9613902df114b57a2338b4797f63

SHA512
a93a21ca3d6c46297f234e67d147262bf5cdc769eaa0fc2aa4ba21cf188058c29332b93e63425cd1fd916576a6e628aff2b67f825e45bc836989b3f3af7377d9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_146E1E094E96F2D77E1CDA597BE74F14

Filesize
410B

MD5
fd9a9dc3b3da4403ffbb8ece5e067e84

SHA1
e551968c25caf52806416c01454d56ef2043b3e5

SHA256
9774735635d7c7857e4f8c70525f480ed63049f705fb3606a28daaed1f3b94ab

SHA512
7c9a43711ff7e6881d32f32dcada2563a8bdaa50bca27b30bdb51d52449ef59fae1212d07d115fd1139eccb6d75bce3ce790f9651dd853ee6cdacec7ed13bf60

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab11FD.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar123E.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit