8cd827e8a094557624c94fa28db05d258d88f9cf092a5cd3b9bae3e4a41533b2

Analysis

max time kernel
150s
max time network
138s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
21-05-2024 15:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

63d5ac458eac7107f9cc5007d6e12f18_JaffaCakes118.html
Size

142KB
MD5

63d5ac458eac7107f9cc5007d6e12f18
SHA1

b0069d9fbbc0b84317c6155092610c224e0d8939
SHA256

8cd827e8a094557624c94fa28db05d258d88f9cf092a5cd3b9bae3e4a41533b2
SHA512

6c942e492ebcad320795308659c8faf631e2d3f9963078f8664474e9b6ef28dde60f38bceedeeeecafe570897970333b6a3239681cf619496a9989c6333d08cf
SSDEEP

1536:S01hLJGa+J2x76vuyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3om:SSGafx7dyfkMY+BES09JXAnyrZalI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 33 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1E018831-1789-11EF-8951-5E4183A8FC47} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422468183"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

756 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

756 iexplore.exe
756 iexplore.exe
2164 IEXPLORE.EXE
2164 IEXPLORE.EXE
2164 IEXPLORE.EXE
2164 IEXPLORE.EXE

pid	process
756	iexplore.exe

pid	process
756	iexplore.exe
756	iexplore.exe
2164	IEXPLORE.EXE
2164	IEXPLORE.EXE
2164	IEXPLORE.EXE
2164	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 756 wrote to memory of 2164	756	iexplore.exe	IEXPLORE.EXE
PID 756 wrote to memory of 2164	756	iexplore.exe	IEXPLORE.EXE
PID 756 wrote to memory of 2164	756	iexplore.exe	IEXPLORE.EXE
PID 756 wrote to memory of 2164	756	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\63d5ac458eac7107f9cc5007d6e12f18_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:756

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:756 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2164

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
6a904d396c79859de3fd0fce2df9bc3e

SHA1
91735eb4857c7d51668a6839515a90dec8438262

SHA256
1480fc0efb8ad369a1d9a37728c81d2bb0624d9c09cdd63b643dd29a53fe0a5f

SHA512
09d97bb7d26f965e16dd460e068664f1a081dd20d72c1edcee0d1897dcf6f30f688ba40a38446c3a93b9ab25c7d9988c03c3a9513600a5781e78828d9fcb6ab8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
09d960cce82a146f386e812510fefa66

SHA1
4d4b5e35cad244fb6e619999109380d618b6b8fb

SHA256
c4e67ef1db2b8f2d6ef12cfc8d989736e7dee66b0c993958578aaaca7f1beab1

SHA512
6e0a3c18ad88d11fed90d311ad7688defcf32cb325336173566dd3376ba352c4615b44065eacf90bdc88fad0ea5a9064638cfbfa4f59606ad5c069cd046e10a1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4a2e6a971c5aabc02047d26d59db27ce

SHA1
e5d66fca05f3b79cba91a4326d15377ce68896a0

SHA256
98f07267855a62449ce3d54835cbfacd0fc63a4550fe9d76d01dbf54b840f2a6

SHA512
b396077a9b704d524330075e18c4973dcafb7ae2c7b950b4b01a555170185e8540c7f827ad1a2372e845396d2e72dc84c38e1c0741d98f2b3fd21caab46c9ccb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
41a5d2b477976249b0c4f4065a2c037c

SHA1
ea9df9911e559e89c626e9f303932d3f3ec9aa7e

SHA256
91581eb740ad5cde408ece4e3edcac6cbaaf78e8108ba4f7c6ea36ee5a9bed1d

SHA512
0b173f405f9a961668225a46576ce89a227e5254ffbac1f79af05c893fc3a5f8f07e2790a96729686f7d006e30a9c16ddae7dadfc47df86c489c26ba114f7c19

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6e935ba8362a41b19ce07ac312096dee

SHA1
697d05c50f0c5bf598444de89772866d3e96e6ce

SHA256
d38b6fc73eb69e5acf09a5b90048bdb65a1478b1e46b663f50e425d8ebbd9b8b

SHA512
7de8eb19eb7f460649c23e6d05d099404bb48eedde11e62983442c0a1416729e9c336355ae081e7db19a062b776469d379b609b9b6b7eabeb78b2830b4a2c410

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
03540fc44b8a2f3ecbb24120e17bf828

SHA1
a780a714bc8a85a1f68421647f5847fa6d618872

SHA256
a16e93f545a7ba65e1e2e4ee2742246deb533439a39906d85d15c1f4f9734dc6

SHA512
1c067d8cd7df9818c2df0134378774698b3b167fbd70b82e29b6f6729047fb5bdcb4e2a2a3d901b4153e2b085300cde09e9d7761270b6b23c48f73f5d76a23df

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9670dafb2d5ee423701bed6ae865acca

SHA1
a3661b028c9fbe3e9840f29f3621785d22055b01

SHA256
11c28ddfe8c9bbec18f3ec099fd6c96da3cd95d018ba7a37435994e6ec66d055

SHA512
207e2b05efda0c5d90c4b90e54db4d5cfdd373dc6fb2a7b8e78d94c19b8340d6c4b933883bd6b5e59de627f87918e91b50e7ebf4ac7b2626ac76c28abc0de927

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7ff42bf0a4e9b238e133e73b6dcc4705

SHA1
681d72d97aaeee1c61ab10ae227a26d6c69eb644

SHA256
f0508c25f7cb13d04b2e441111e51417b1cb0998933f7afe8e866f7e331cf384

SHA512
74cfb79768fb8b956dc57e251082ecb5c56371cefb97f035c5c31a3e10e3a07e0a583db26f2315237368bacbf6df01784d71beeb27f9d339f179410ad4cd5042

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
231cf4e2bb123f957957a2422d20870b

SHA1
73236d5692ed25cbb6d0a327147b836f23bfe52a

SHA256
c5ab27ff681132261c3459bd5db835af5bfb91288e1aba4cfb809e85cadf9084

SHA512
308b7d8993f32df7cdb7325e2de285d44da7ab4c283775ed33704c0e22c7c29dc613a9a4f0fd15e894eb039473862172bcd83d94db8b0d4700fbc46d4275ebae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
05f07189b51eb86ce5d83e6b805973bb

SHA1
3eeed5cf634a02395c2ea07f0f818537c3ef5fc9

SHA256
942725be806509221103cc27180ea3a8a783c77169a80fdcdd06b4b4c1c205ed

SHA512
9e3ae1cd3518a7536afdfc2339275d17d81bd5893c3c2cd299be93756e7baf03e89181e93fe9232106586f2865ad8767f1fb0efb047c9c2e5444fd649d648e46

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
fc23165a5a7979689b13a4b70d4f6230

SHA1
282188f2af3bfda3f707440d79935bea216211bc

SHA256
cdc83fba738d29752d70707a14a39c07b6a22cd4341cb9ab168a4eaa3561e783

SHA512
5afe10bd3a4380de6ad47f7e8db5337d556b5baa62b9da40f280d65dd42a711d7bd7f323597b317ece1df13a7e46425e72c01d6f086daaa72bf01f825bad6fd8

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarEE4.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit