fb3b5faeb23a992de263442b9606a6b1e447458e045f58fb2fd15aa8d1b71973

Analysis

max time kernel
136s
max time network
125s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
21-05-2024 16:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

63e86829080bacfc8eb2d7bed8549354_JaffaCakes118.html
Size

116KB
MD5

63e86829080bacfc8eb2d7bed8549354
SHA1

36756f5b300ee875f594a1ad0c8572311b8a257f
SHA256

fb3b5faeb23a992de263442b9606a6b1e447458e045f58fb2fd15aa8d1b71973
SHA512

a0e7a548ba5b9ed6ed50c90b02d944d986d16227ded61bcd3c5fa59c31e479f7a39f0b4c0beb405a1dc8c0191deabe009d4c884f9819952556ee6f698b055c36
SSDEEP

1536:S7ZZMcdyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBTOy9w:SRyfkMY+BES09JXAnyrZalI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b0dbad9099abda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd2a7708e9798e4fa0b20f3efd8e93610000000002000000000010660000000100002000000062ca7960c85d382ff363522336b7158022082cdcefd421cd099b308253f30986000000000e80000000020000200000008e0ec8ed38ac1dc9248c13a22fa348462f76e029e9a7abacce1cb325112210fd90000000a30a01dbbd1777bcc91ed6309b6ab58f8faa82b54bd89e62025d61b0e505f4ea428ad0e69b5b232c1c41d309d16c26923139fde354b002125ef5d2fbf460d34f93608400664c9e98a7b8aaaf0271b21dfd62c3e6655d4e3583b47039200e47ff89a5be83e44dc335827a1563944badff7c8eb0b38432c1564e98b244042497b5204bdede8055a8e6bdea42136df764a3400000001d7d7b70939e2e26a1b897ed7e8dd7a4ad06ae71b3c06708312e2ed40d3bbc775d7a9bb6b07f2e5142e260951e352a7a1f03b580492c4b0672bfc99d680f7561	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd2a7708e9798e4fa0b20f3efd8e9361000000000200000000001066000000010000200000001769f654001bc4d1b7f00ef4d3135f0ad2b8441362a6cc4661182f10fe776ea1000000000e800000000200002000000008833f0daf2b174c1d971007808ace79f6e3ace6ece6345f50f370caf97b45a6200000000cbc2731ace65d379fededb17f01a9091014b8416f5a924c8e59086744a0e3604000000033681f4e1bc4da73c900b7d3cf1fc9cf483212e95514509dc7afa616fdfafee7a40ca5a11b4921c7a7626bf3c428e915d655ac965cfbc7b24d28476e0c998c18	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7D16D7A1-178C-11EF-917C-6A2211F10352} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422469631"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

1260 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

1260 iexplore.exe
1260 iexplore.exe
2372 IEXPLORE.EXE
2372 IEXPLORE.EXE
2372 IEXPLORE.EXE
2372 IEXPLORE.EXE

pid	process
1260	iexplore.exe

pid	process
1260	iexplore.exe
1260	iexplore.exe
2372	IEXPLORE.EXE
2372	IEXPLORE.EXE
2372	IEXPLORE.EXE
2372	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 1260 wrote to memory of 2372	1260	iexplore.exe	IEXPLORE.EXE
PID 1260 wrote to memory of 2372	1260	iexplore.exe	IEXPLORE.EXE
PID 1260 wrote to memory of 2372	1260	iexplore.exe	IEXPLORE.EXE
PID 1260 wrote to memory of 2372	1260	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\63e86829080bacfc8eb2d7bed8549354_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1260

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1260 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2372

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
70bd0ca2b1e49ed000756373c72168aa

SHA1
9675adeda1f4290dfbd8adf32f158847c9f29a06

SHA256
64acdfd5721ec5c285c3afaf082b431d6c21e3bde6faed01478c022a64b486d4

SHA512
397e08334a40b0c1e88229bf615cc1e7be7222753c9d0114bb6080742afed09abe43974f43be230cad73e6b51c4604a926d7c1a8179f5cd739a54e44349a7744

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
8758c6c3c9debaf0f662bd945c7018e5

SHA1
2872c95c1e2cfa728ea3ff74bd5c1b9c44ab6ca2

SHA256
9bb49bfcc431d98e6ae1859f4e684044f0e4314a521bb5cf5297e90acce6f0f7

SHA512
2fb6fa5a915b146c6e9018b3c5260ae5035b6cc30a65f763ff574de75ff72ca6f051c1b4cbd21e6523466f7f502c16a34da057f17c72437c07ca7e10df2ee23b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
31638ebd1342bea562a97197909f50e5

SHA1
2ce663964518a47986c9577e3f2dabfd4e1f4b69

SHA256
d1535b1a851f8d51c6c55cef83cad6b511edac04e36fe3de7f48029f8c15cde4

SHA512
e0f05e8cc71f43e87e1e193eaf013e61680c707a54edacea4a5ca43d5c853d8472ff9fe235921c9954e461fcb075788ccc9191a157be9ce0bb645045e42477fc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
11db6ab95553ee122cbf2f204364e2d1

SHA1
5ef7a3c9414e7ab112205e830ce0c56b2e731646

SHA256
e7219eb8b366f643b370527017266f9dd5bb934131062bfdc6139dce1e2b89eb

SHA512
f4ac8be9e033110ff9a6de793513c99a8c5c51ccfed45ece4b61a9bb5ab8ef06a4c53dea7510e57280e5f2f7bfc08187ed95781322fcbd62da596d61b102c22d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
3c6e37c6202c8644dfd538d1e9ee67f8

SHA1
e51ed94a2ccfff6224725ae902f1bf47fdff5168

SHA256
bbadedf537332c4bd9f54e25cfd481b4e9e42c31440634a78cf306d4284c28f4

SHA512
79c78763e76633544d13ea4199ca58fe800c383cb09ef82bb6a3e7a8948bcd9067bd1d99f1f9981fa9764e77fbf3ec1a1c6e97ea8f0d9616a8fef943d9cb8481

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
d014121569fb3d76468c7df90f3d98c0

SHA1
358219e01be4bbf721bf68771e728dbd36dcfa92

SHA256
217993a6740f15f3b0be48be2300adcd1fbe126528b3f50ae41dbb56f0fddc98

SHA512
5eb1939066dc8f575333628a2536661ac8e68269869dcd9842f1ffee443844361f5bae6f236fd18a279a3c03f87edcb5be82b109570286a96bffd2141828bbf3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
a1cfe7ba456f44e3631a41438f3ab51d

SHA1
c0e8183c3ce190568334c6a1b8fbd8bee274ae37

SHA256
385d947993a9089a34697ba7131aa07cf94fa401b2b6c3e3637c77a3f7df7686

SHA512
5d2d57bad9083841ca3a255b6f0eb9117a4bac876820a1922634f0c6463ad899a4c5f95cdbb9f5331a00d6371b4ac215a3d0b3b965c440efcc9b152117b7296f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
6fc07ebd1151166421a7091e0647f146

SHA1
55b05d4ec5ab52fdc1ea7bb249ad9c663de44db0

SHA256
e58f20f505907971ecd9a97a29bd0b26fb74340ed21bee8773175e89d461908b

SHA512
a3d02d3d55240c430b586cc4c07add56f300110079979642881a3c34a44fdb14ef7271985684150c195f6df8d0a379c8cd97bd7d64a7a7d59326e4043f54105c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
3e4248c548355145a3d614d89dd3c3d7

SHA1
26a8ffb2769d5d36d76ecca14ee292831c35754d

SHA256
e17afd12ca51d57c25eb89c1cd7a8aead5883a22ce49988d86fed0ddf7a43250

SHA512
3fdeb546872aa0d93193c0927e2f99c477d6caa2461290d23a326f8ed10e8217c2b36dcb7f6c6c57ed1fa6a62d18de04828d0272eae10e5fd5eb4c26fbc28855

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
c57a3fca0bdc24d5bf6595c8dc043d1d

SHA1
362fbbcad5f4acc690518718b5cc42c209132150

SHA256
4500099bae357eb5b27b7ec39569bfae5c57867165a9907efc67c165769fd613

SHA512
0df02b8151fa877b88ab4ef53c942b687bfd03203ba4d6078dd415e3c8870d66734a40a851ff72f03401933e2af1004ad98ba7d6d70fd7ca779c50a9cdf5c21f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
e6ae2548d81f126e72c38c90be640f1a

SHA1
067a91ab554c75571c1c1f5a1817232b53727ab7

SHA256
55e3ee9311cb61c6f12aa59a69eb88e88445d4e622174bf5d10108a44c092e92

SHA512
57b2c6d1d1dabe21c626f2fc2108b07ccf7aacd8f57d22ff90b7aed18cff738fba7796590d7fb28e0127c355fe7e063b6845f44f6ff2d07986f3bee5721da7e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2711.tmp
Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2050.tmp
Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit