a46a5b90062b1f5514e9fd555291ba8a80bf5cdced8ef50eee0b801eba35b273

Analysis

max time kernel
141s
max time network
121s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
21-05-2024 19:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

64873b8a84efdfe4af52d60b1405a64a_JaffaCakes118.html
Size

138KB
MD5

64873b8a84efdfe4af52d60b1405a64a
SHA1

76d73e3bdaaa2dd9434116c008f1a44181504a9c
SHA256

a46a5b90062b1f5514e9fd555291ba8a80bf5cdced8ef50eee0b801eba35b273
SHA512

88d6b5a625e416418d18a6cdc8d2c4d724cf9e7670f5879b035b370da422c315b6a19e7f561f738c6cb29d6439efc5c0effb93b198f143f9c9d236311b0fc2ee
SSDEEP

1536:SkN90vt8nliyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBw:Sk0veEyfkMY+BES09JXAnyrZalI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 41 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422482468"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0af3d76b7abda01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000760f6fb6d7365248881a38bcea68cf8b000000000200000000001066000000010000200000002b7581c398e9ec91918260099d50be11a6e7d9c7cb60fca347384072c2f611e2000000000e8000000002000020000000439daa1d2c02af972cf3c655d8d18054ec271f1cd9353e5fa9bdd8200b935fc690000000047f549b4c64f91890a193d8303ffd3ba689d6d0686635c0b84ef8e591c8c3b69f25153cc74b1d7c4398fcc01647ed507b366b8dfbd773351131141de0324a8ad341df73a9b1593e96bc5f363216f69f3624bff669e41716820fa4deeb5285aa10c6f396d6fa028e8a9c9ee9be99e78eba1c3010a6dba3d7a8bff015dbbabfe048542b821b92f46c0cb61f03d413fed6400000006d00a15e252f63f77399fb7021a608382d2f5ad5109efeef29f972e4365c5e12fffbfd7f1840422d948fcf06b8f1d82706d40886cb68ed26a06a92957bb5fec4	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{5FEA2BA1-17AA-11EF-906B-FA9381F5F0AB} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000760f6fb6d7365248881a38bcea68cf8b000000000200000000001066000000010000200000004360b0b8ac77d15bee3fca8af7e6416b6bc266487c5a3a419342b7fb47965c21000000000e80000000020000200000006df046ce6024561b4411057f41f76107391d3f3698f3219d231c1e0163da693820000000328dcc75fc188549ca622f2ed8960fc13dae5cb5c69ab5296d91090dbc6d2e7540000000423ea1e028b2482e41a310fd2fa7ecf2465b4aff03cf2c43cf52e6535a6dd562c16d1345074f35d0d6c2ebc9256016b2b577a272f312de2a6e2c07239868c672	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

2480 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2480 iexplore.exe
2480 iexplore.exe
2456 IEXPLORE.EXE
2456 IEXPLORE.EXE
2456 IEXPLORE.EXE
2456 IEXPLORE.EXE

pid	process
2480	iexplore.exe

pid	process
2480	iexplore.exe
2480	iexplore.exe
2456	IEXPLORE.EXE
2456	IEXPLORE.EXE
2456	IEXPLORE.EXE
2456	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 2480 wrote to memory of 2456	2480	iexplore.exe	IEXPLORE.EXE
PID 2480 wrote to memory of 2456	2480	iexplore.exe	IEXPLORE.EXE
PID 2480 wrote to memory of 2456	2480	iexplore.exe	IEXPLORE.EXE
PID 2480 wrote to memory of 2456	2480	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\64873b8a84efdfe4af52d60b1405a64a_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2480
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2480 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2456

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
beeee1815a4da8164330b6af2303ac3a

SHA1
3cf4058761bce49070fc230965721e8d0e45f324

SHA256
563a68395face716d0032af639eb3c4483eaa85f8fe1ab14537b2dd90e4dde53

SHA512
dfad0992550df6babe61461c0f9791a4a277572047ec8eea3e0aa52336bbd65ef57a42d0a662e23259d421cd8fcc0a660807fc2255877325e7c179fb1217e7b0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a07a2379a2a5db6e1a71c60e0ce5e343

SHA1
6f1a3a1bec80f4bf1f954b7c2199a40b9534173d

SHA256
b5f799ecc4b07e9670bded45a934237a0e1bd8c65acb93fd44d97c2d7d005575

SHA512
0e704eb3c2e99a3282e65e487b9bf5d04b7b4926fb3e90f82fd90990af0e1bec5d7aa874b09f43dad7442e2803c0302bdd94e66ea108f7acb10acf8d2bcef4a2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c7c5fc22e46170d29be848af74c798e5

SHA1
3d569860adac169314455c922f61c9f6f697fe37

SHA256
fcec557c76f8bc9375bf6b8218efe4c41fce9ff6c135fb7424f979137659aefd

SHA512
2c8e82e759c20939190113dce527204bef56d93935421f54a403d371447d4bfaf36a61b3894628db05fe908ca14b701c78a02821bff811301ea1af36c255fc6b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fa7114cabc08bf5ce3a1479ec47d9f99

SHA1
b52ba7496cc133d0ee00359d95917bcfd5b4f770

SHA256
43e527e3cd5ff5c9926b7435881578beeb993cb3a9eacbb382790917a55667fa

SHA512
0b31d9393b856b740334c8dcb5144488b7fee193a788d39540223e410117bb33fcc827d6d3ea5ec4e9c688ab8ec3b5a4207c183d2af4a590398cd423f45899b4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dd67e71ec2e06303658d9622cfad8d53

SHA1
dbc873e985a14d699f34e9f382c801a57dac2ede

SHA256
c8479fe7226a107cc61c18c142e0bfb0ddc6c6efc8ea3ff652230b96dda263cf

SHA512
036a795aff2f9165fc3e307e96660bd127eaae34911f75d634487585a8ccbfad7bfd4df15f87b71098ce2108d7c6fc598bdd731272eac526e7cf99aff8c60ce4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6da88c8a3b6d069ab09e79a2fa20958f

SHA1
e9d08a85a648e5425b209998077f7cc3ef848c49

SHA256
bbb6c80214e4a81067da3e8887ce1c7f2ccdbb7736af16c7a9638c8a4e365a9e

SHA512
77cbda074c607ea9abaf3f80ad9ae0b542618eba45861818ac094b75f7701a79b53396166b690a55ed5da0dbfc14e1754e8bb193251fe05dcac131791169d102

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e1007feb91fbfcaf07d62c1a70467b21

SHA1
5bd0dbd363ad8d57c3201bca79a7069e51605fbf

SHA256
62707c46afbeb1ce27c0c87818ea5f64559eea6215c6fe94957a861987cb31b7

SHA512
17bd75effa5e49b94776dbd49b8f591f41b096f432951f3e1776530e7be5adbf78727d4a666e059939c486f7c3303a20b1fa5a39359908f19fd9ff73920c5c19

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
344764fb8918ddaaf8e8e066bf3faeb1

SHA1
5fe15d052464850afcec22cb54294d8a480b27e5

SHA256
f2e18060aa289901c1c40794a8b4000a7b5a1d26adb54069c9f79aa114e52b66

SHA512
900011fb529526c083af51310fefe7b71fb6d2b398c7f105d4d24efd7ece9ba3eaff27815878b1cbee3e926c1b5794c19b380c15435def8b3e7eff4a40a6bd0e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1a31ebc1e0b6a3948511444e368a16ff

SHA1
024d17a5eb41bb0192052fe75bee5894669f202c

SHA256
7f7a71566c67b173e2b45391d4a45fa90d00a13d8fb8ca41a954860d25ce8fa6

SHA512
a2def8edef4d3f751dc621a0b0bfb504f1080df6b8c76c3a69e2bd44387b04ef36a34b88c97bee21e11238df3f16245849b2d9afcdf7f23d319346068567a491

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c3cf18beaab8883699b0a65ff146be28

SHA1
30806a2af372f8edd30b56ccac1e9d41a63725a1

SHA256
658ef5c9da824de39ffaa4897784a2115432a2461250b5717549caff092b3e83

SHA512
ad22e768531b673243423dc57524ec67a960387fe52f1e54c2952e4747cabd4d245edf93953846981573faca1375388110aa8a37dd847ef6e41cd6e8e00c38c3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
edd72789c413dd0d361d538262e7bc9e

SHA1
7843a70a40f23ada913ab59abef15066a2950381

SHA256
62404251c8595738584b32044e7cdb14d8e8a8de1f0d4ea7279a4b4d2fd428e0

SHA512
0f8f0da68ba07cdf72c608a261839abb8eecea5d67dbf009ac0fffe620d34cb01f3affb772d1d8a9ecdb9c75da6b3bcd3cbab9f06e3dd82d16e2825946f2a486

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
49d37dac25c789b90406f809697649c2

SHA1
804900523e2fc2192354bcd72ee739cbe28e9393

SHA256
89fcc63c293dc0642b917e17897e9ff9af198df14a475072efed73e28622577d

SHA512
fe7d440fe06a9382011ba3b604dcbb0237ce5e4966781a94f7139bbc9f0c6bf72d7700086dc6c9ed29a6b8f3f5a94228e257621103e37328b957a789f24d2671

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
81214fac7727070b567ab0e932daed78

SHA1
4396df1b190d73047b94c20f1129a0eb051bfcc5

SHA256
da8968ad24b42b6fd7f14a9c439fd334b33389a51536f7bd8bb6f3b1a4b5329e

SHA512
3e4d12a5fb0e523734184deafbc95a4c8d0ae990c6c2c3f66c2273d747c36daca04c3e4fd8351daa6620a93fc93d1225ded4c3c3103b020396d98db7a85db57e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5f6b9d8e63f0fa37c6a93fa0e0974818

SHA1
f4773b58163bb6d46d3216fecf5f08c1807009c2

SHA256
3cb35375b85c6f22df18db24994b33d31e4fcdfcc4af7776cbb8802b13446edd

SHA512
f15e4aac7040a76c9b94290418e3f02dd9aa2f52675c5a3e99b0b7732f07ff4509c3adf5d27dece4aec1212d4d399170fde7b0519f5b58bda1000bb2e8977118

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1e0976af5f0c08f48f143eb86526d26e

SHA1
bb91cbf65523acb65b93b2038e32fe5cd9638aab

SHA256
4ff596f635ffa1379fcfe5191c328dce262edc3cf1d856e15eda2d0d23f5d2dd

SHA512
0539e424fa9b58d625b9c0dd1df6bc52202e592d8fce49e8f173ba654a963fec4e04135f732fd6088d2ff18659ab182a1e94da18c4927065aec503c3535ea56d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab255E.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar25CE.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit