98dc66c240515a1d07ddd0a624373a3e04d480408ee5a1503c427c4dd9a16c2d

Analysis

max time kernel
150s
max time network
150s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
21-05-2024 16:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

63e8f5e80e31557ace3ec81a8bdc7067_JaffaCakes118.html
Size

258KB
MD5

63e8f5e80e31557ace3ec81a8bdc7067
SHA1

cd1a5b75ca20328a816cd83546d32a70f2e98aa5
SHA256

98dc66c240515a1d07ddd0a624373a3e04d480408ee5a1503c427c4dd9a16c2d
SHA512

1664b18f31c7c0fc2d74a1748c7465abaf5d1c985369f05dbf922ab12638709f644294f3f0e84f71a1e15ecb3acf97a77776bbd4a494d7d670de28f34d1c0a32
SSDEEP

3072:lU8hmtANirhB9CyHxX7Be7iAvtLPbAwuBNKifXTJ/:Lhnqz9VxLY7iAVLTBQJl/

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9DE2B761-178C-11EF-B937-729E5AF85804} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422469686"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

1720 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

1720 iexplore.exe
1720 iexplore.exe
1832 IEXPLORE.EXE
1832 IEXPLORE.EXE
1832 IEXPLORE.EXE
1832 IEXPLORE.EXE

pid	process
1720	iexplore.exe

pid	process
1720	iexplore.exe
1720	iexplore.exe
1832	IEXPLORE.EXE
1832	IEXPLORE.EXE
1832	IEXPLORE.EXE
1832	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 1720 wrote to memory of 1832	1720	iexplore.exe	IEXPLORE.EXE
PID 1720 wrote to memory of 1832	1720	iexplore.exe	IEXPLORE.EXE
PID 1720 wrote to memory of 1832	1720	iexplore.exe	IEXPLORE.EXE
PID 1720 wrote to memory of 1832	1720	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\63e8f5e80e31557ace3ec81a8bdc7067_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1720

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1720 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1832

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
Filesize
252B

MD5
ec34e3d9868287c9aa55addc29a4f5d6

SHA1
c2e6c5ccc088bf1ceef966ba4e77fc0b556a3688

SHA256
3127fe380e3096e057e05e4db5ca570b4004366a16d63d82eb574e4b6f1445fa

SHA512
e66d4abcb65bf8500ea4e5b7fbf1f850c22faaed372c429c0fdc3e7d1d4b9d65607c4ed4130de64fdbd188cd5904d0f1a774f85e4ef24ec9b295b086056851c4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
410f5648641b6e880b53943ea9755459

SHA1
1e6e2a7475edfb709b8fd357b71d20e718bee28a

SHA256
98abd65fa14491d9686db44f923215c7e156501728a39ccaf850dba2d08da34c

SHA512
7b58937eda126459becc7e902b291c8fb8ca7f071369434a0d65d339946a6de05e3561beec66571f740258e2c82b7ebc098e38323a67f0bb9bab599f7be08088

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
8a0afbc9a8f497028ff5622aad0f8471

SHA1
f7ed949f59b076e41dc068cc48d84232757f55e5

SHA256
c6795d2538282d18a53c5575665652025c511b352a7a72390d6fff7ed1a5479c

SHA512
9340bbf921d5d05a48d2035b518f1e46eec66f09b8a0015fe8a6733023ba80ead0b52acf3dae3b248f4cae2ef8f9facd8cde72f25c4825fe6207d1ce1d9d3e10

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
dc88d5652aefa45451d45eb99abd51a2

SHA1
53894c7727437690c858ec5f275ff499354ff5eb

SHA256
b31cd36b0657505827a882cbf2ab3c5d9c3890748ded6573dd7ff00ad52ebb6f

SHA512
e0e2fb2a649acbea343a77edac7ddee4d18a01f2f87ed70eaeb0b5127fb543cc26c3334d7f94b478c6c5e36502678e3c41484955c24f205de9fe0b724f941e0a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
ee912836de032b6f6f47e8e7774957c1

SHA1
93c46ebc2395b82796f4ba95262899dd25a9999b

SHA256
b9a857c16bdcca251433a115c8d22a5d6f0a68995c638f108e0ef45de4344a12

SHA512
78a9976b276b93fcefb56f607d1ceadf1f249a6c71cf13f9007a63a5a77eeb1c29cf1b44520b325a894eedb3a4fffad26e4e9a2fab4ccd80108460b8c8383a96

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
e32e89de145e7d906f3430bb6c9474bb

SHA1
6df017be2e5fee42564f25a721e292fe25a20554

SHA256
e180fa3c676e50288d48a10e9a70c61628b9ed32a2909b0e579508c409c8d8c2

SHA512
39e15876e39b1b82f000c79ac410eb87b4e132f4c2dd833954a2be183da76b46a1b0c2cc8aa4eeaaabef66b193879c3bd7b48d806168cf042c29b65e1070b15a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
4f257bea97564a1c2102d6eaa83d554e

SHA1
e0c46fe584c80892c382814911c222b222251e98

SHA256
3e4514933666062364db3f6a947407ed3084fb27127182d5e67e852ea2b9e676

SHA512
20f08b2844706d4fc5440cc22a4168fbc27c4b475fb1e6bf8e25e5377f582fae7ee3a035b1b006efbab354f6ca861c2fb26b5d0c64e3d4defede1f2130125ba9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
0ebe280e5bd74ab22268a5d3f0dcc73e

SHA1
7a2b7382927eac00463a995a973901e1575ea10e

SHA256
19a58860c14c1031e35d147b04af88a47c4c950304b4aecf21b8d70d656665cd

SHA512
18360db7857f98cc9d1a426fc444fda7c54f78f1339572c6bd9076e5f11ba6fbdbcd3b838c5e07cdc2f69e9013619855489a87b27f7fefadc8562265a7f45459

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
a461bf1b41a345ab0c4411abd324f822

SHA1
5dbad5947360e6cdc723036a982bccd1513eceed

SHA256
9e8135def6668151a539f78d9f70c7eb917204b3e7e1c5cb3ff719b751fe7578

SHA512
b1a2747bce1573cd69fbafce17c9437090615eb63f9276a31f2737b1dbd5c2bf713d0b0717d8779d575457c79daf139a0d68a77e74264b300078c029e16eda0f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
4076c7e8d6ab6095aa93561e3b323e6b

SHA1
2ebe221ac9a13f973bd2c676058c3e7fa88dd4ed

SHA256
f139040833aaa4e356dcf4a7ee553ce6a317ac5667d9a6cea15c8aa147659954

SHA512
3bec9d92acf3774650932bafed7c4a4929dbb98010fb55664824bab8cbea6452a443607ba8f79359886a4111bd1a64e27dd43325829f318d565e49c9e8c9d20b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
7e61b3f90fc4b9dbc82adc31ad029c8d

SHA1
67edc473507a4e46d98e8ce631f659da000d1f95

SHA256
c49053df0f72ab71df9308e0a5d632260ac575fb4d0dc3637ed4654cc4eadd3a

SHA512
4af63d85a6ffe3f67233d6e5105454b650373fa98919a36dba17eebea8a1b0fe8c518686b429e3fde9e88ca6095fc4b85729828950a551875ec237d1b33a2fcc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
Filesize
242B

MD5
47a3fddc32d0ce23aefcd24e710a7387

SHA1
1d11d4d2d14e52650e556b2f825d2c956f7927a3

SHA256
766dea9f17f98d8c0537351419b751622b3a6a52e8678a2a7cb28377fa827f99

SHA512
c0c14b478bcd872fa46e13cbc2888837e556caa559e6e5a53b166bd9a52c67e71fedf443b47722e15ff1d981cae1c3f19b3c5b6f01af037286bc86bf12f3c131

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabC22.tmp
Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarC23.tmp
Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarE0E.tmp
Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit