10de1068d32cb459e3140171e5a03b7d5f11542c76d4e1b3e7c0f617f4625f64

Analysis

max time kernel
122s
max time network
143s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
21-05-2024 16:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

63e78e2c715c7f8977792e12766b45b5_JaffaCakes118.html
Size

84KB
MD5

63e78e2c715c7f8977792e12766b45b5
SHA1

1adb1b3dbfc617522a9481870bad097270c1d42c
SHA256

10de1068d32cb459e3140171e5a03b7d5f11542c76d4e1b3e7c0f617f4625f64
SHA512

76d2f5ca7171589ffa6b86cc9319b9054728612783bdafc43172bfa125335d01a89ca264b85e04dd8f0da37e12976a8d5fe0b53c3b58eee03193f2b2bcf6e923
SSDEEP

1536:NsRQfNDxJy2GEGsVn/32QujHMQG6SKZ0ePc8SBojKGawac2QAOAQAvpWkv6dziFH:Nsef1KGeBlXxuHclQN0YHms

Score

6^/10

discovery

Malware Config

Signatures

Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1476 2700 WerFault.exe IEXPLORE.EXE

pid	pid_target	process	target process
1476	2700	WerFault.exe	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{5B1CA171-178C-11EF-BA3C-D684AC6A5058} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422469573"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

1088 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

1088 iexplore.exe
1088 iexplore.exe
2700 IEXPLORE.EXE
2700 IEXPLORE.EXE
2700 IEXPLORE.EXE
2700 IEXPLORE.EXE

pid	process
1088	iexplore.exe

pid	process
1088	iexplore.exe
1088	iexplore.exe
2700	IEXPLORE.EXE
2700	IEXPLORE.EXE
2700	IEXPLORE.EXE
2700	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 8 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

description	pid	process	target process
PID 1088 wrote to memory of 2700	1088	iexplore.exe	IEXPLORE.EXE
PID 1088 wrote to memory of 2700	1088	iexplore.exe	IEXPLORE.EXE
PID 1088 wrote to memory of 2700	1088	iexplore.exe	IEXPLORE.EXE
PID 1088 wrote to memory of 2700	1088	iexplore.exe	IEXPLORE.EXE
PID 2700 wrote to memory of 1476	2700	IEXPLORE.EXE	WerFault.exe
PID 2700 wrote to memory of 1476	2700	IEXPLORE.EXE	WerFault.exe
PID 2700 wrote to memory of 1476	2700	IEXPLORE.EXE	WerFault.exe
PID 2700 wrote to memory of 1476	2700	IEXPLORE.EXE	WerFault.exe

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\63e78e2c715c7f8977792e12766b45b5_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1088

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1088 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 1780
3⤵
- Program crash
PID:1476

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Network Service Discovery

T1046

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
91a57f0d9b9312c47be8c8d1ed8ba91e

SHA1
c57220ab7db6ca4c1269a7532f2b65c6edbf88c3

SHA256
12a1f96007cee54a594282713a5775ee4bb786a00f1fe6cbbb16ab5e98e0673f

SHA512
8a38e6e43fe100e3027781566c3849b45c1a041630daed839cc0267a55829cc2761a1bdf412cc9f960287f580cc24d38d39565cc449943186805a4e7bb2361fd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
6e8aa95b47e0a14e745984cb6f1ce4a8

SHA1
2d30ec0610c320884be1de889d943554214a681b

SHA256
b5b00b4ae052dda80d297f7c003b0c62b24e3dffcd45d090ddd513ce3ef94423

SHA512
9cbf570bf40d60148dcc5c9244c4dbd1cf03ef7a563f07608fd8ccf112be90a40e9a5ea2f9a536a0fac001265e02e4b5ddbb7f4dd50204d44ef35ba19fe45966

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
dffc6b53a436c943e496e988ae0fc8a1

SHA1
23bd3645da30d82b348f113cb0a89d00ba6d41e7

SHA256
f4d256bc3f38edbe258c7f745a119b719e2c80fd99c0b506aec81fecd8c48706

SHA512
48715f07e12a2d253d09178f8c16b8d90cfd9d6eb6b2d37f391880e7cb68a6e7c4883d29d96f0630007e0c3cf95423351687a203ee602f93ac436908daf3fb26

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
acccd9ee30950477138937a278c9eb97

SHA1
39387f23a5ddb9a3430c99c54d364856f3366471

SHA256
780b1e69ffa1af559659db32ef983a6baf848aaf60321b871b503008d2c67449

SHA512
af4a85a6edbe21dfedf73b0d9809aec99dd8a78eeb19d90784d73295f5fb4b1ec596ea145e0906947dd31f14e06d4f1c0d37e5a493b0a598831e16ebf36971b3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
06d75887876eb40c94f60c7a89920571

SHA1
9c26ed15a17c6d4a2a82f6cc14f34f493d7124b0

SHA256
00cc267999efa192516c36fbc44b69075063950b9d8020b381bf1a0c25006c38

SHA512
2d2b41378a81184fede421b40d0564ddc760880326c957dd5a1a1b620294e55ec7dcd2501c7781b8f63927d14f5df0ebccbc33be2a743605f84fe5ba720a25e3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
dd8b3465a3320e833d54db2a0abdde6e

SHA1
21c1d833d41a69371c027328c9778091e29d17f7

SHA256
9a892d98d4664d7d41c6c4d4ebae92fdbe38ece29d5ad3f2e73f46a231ca95a6

SHA512
ee999ee47d4ed31545063f412223559fc71bb850d0afd06af69a2104f8180ce2d8e2a3dad7e88a2f00f36ca399871f082baa381437ed97847b6446a85ad2d8a2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
7ba6c8cadf04ba0858286fbfdab20f5a

SHA1
a5537fcb150b07d8e2f7c0aa30eec9849ecd8e6c

SHA256
59e939ae908184594c6b84e8d521dfc48d2eeda4a9db26da30d7fb7482157a2f

SHA512
dd3f42ca2622ba11036cd3d555b9eb11742233f648793e3a32aecbd5a33b76c80b6a4911a9920e1631ef387c6601fd46d3c21d190df04d75653b96c47c2ce4e6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
9cf60b855d067344a074b2b67a54bea6

SHA1
ded1738e3274eb1f6e2b62937cf333ac1988bd95

SHA256
f6c3faae8b158853c47c3827cf4ad41d3cc5948d5d9aeccb9b5909af8be3090b

SHA512
912edbe4a92d9dea086b0728254ca1d9ea244fd3672c0090e537be187d05013223507d1593321d93a519147f46bc3330c4be32c0e5ac76595d7279028d749dfe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
5d9d53b7b1a042746466bde5b4da3e34

SHA1
17a46cac4163bb5ca5441f0d9796608a95955232

SHA256
76e7d2cc47b21ed3dc70578b11fb1ffb61ac8e55165f20f1dd4cf2175fa53ca3

SHA512
47d41942459c7de701977c2c3bbe9adda4a7e0c0f7e70de69d5af4ff90542a905d61fcfdfce8d39e975747ccbe7f3f3e7782ec479ac2e49c65dddee8a16b87f8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
5a1cfd5e4986f6029f82f76db14e4d7a

SHA1
5ba76a45d26261ea86ea9e1744260bbf6647562b

SHA256
5d98addf8d6c686523d4c7d3133da80cd441514332f6f7e827f3954d2de4691a

SHA512
a8cf46dfe3d8c90562bb0e88d4398a3ec69b2d7b6e16418d8ea392348be2890d4dab5d625f91babdb9477f49b21069656939e543368bf4ecbcba5f4fa12b3d32

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
2793e1d9b832f690420baa72c6e3e0ff

SHA1
ba03dbecddfcf0a7b8c5920331710ca2a6f27183

SHA256
8a5e34cc0e55790d97e9a505588edcca14878bf29fe75829e3ca1dfa0aedab55

SHA512
7cfd920d121842c1c50372cfc731a006f863dce6a12f870fc94da26444f6467cd93cc40b5289df89dd63b355e030577c17ca8b68465eae99f08564b6e3c2bf3b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
96c7738b14a7557802cc572ec775cfc6

SHA1
26b2678afddde919225c05a6506889d1175cd3ce

SHA256
c92d73feea3f5a43624515036d9c16825a363c00391637a1ce5794ce5c022476

SHA512
e40433bfcd274509a05e0e5159ba6d4882c5d5c5f2dbc1e52c87a6e1183ba30f5434b82a9b98ee8417460b427f81dad89f4c1ce9cd29c956f866709796b8688f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
41a0dc4ba99e8dff2b7c14230ebc313b

SHA1
cbb65eb812606330872b34127ccb7912bb1ca2bc

SHA256
8bb8b81933a0c375111b49a560b005e53bc682da343f9bd4a50fccaa932f8227

SHA512
a372c42e3418f09a7e6755ef1d19676d77d263984aef03ea748a5167209db9f092c29fb6ee1b0b925f2b593893d2bd2ae3f07b2188ad3c91c370c8edde5f3558

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\52G8PVLC\css[1].css
Filesize
225B

MD5
7c83a8d976c4c7ae357d9fd91348abaa

SHA1
e3076c140ec7c3aa49d14cf4c668d88bc30b17df

SHA256
462d5a4a422ce5b956b086c4395e0909416f316f6a9a9c23c31ab2778951578a

SHA512
1725e2eb4d12c6a68f4b35a112416e8c70dcf9b26193906a5ef3ae016a3bb5e0a665ad90693f19a011395a23bae00d5227b6525275b3a5b6d6a9eacb562e07e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SVBQZB4R\coinhive.min[1].js
Filesize
1KB

MD5
2ec43720699ba70c89f5adf211fc3138

SHA1
798ef9a5855d7f56b51825856cd84ce0356cff0d

SHA256
39f7a131d7976b1cbbf08c89727ba5c1b5c384152ed65bc83198bca315be5a88

SHA512
ef8f3d359eecc4e4234e18ae38a5c2e908bf352ccbe518d35cf956d8bf38b699724ef3d673c984625c2b725640e5d3bda45e363cfddcebaec2102aad7a34c0bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1297.tmp
Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar12F9.tmp
Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit