59f3077e67cad1e316b757f07dfc4d22e423960a97068a7ff00d181a4e52488e

Analysis

max time kernel
150s
max time network
143s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 21:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

68baf1ea49e089f8497c66b9fbffb4f5_JaffaCakes118.html
Size

59KB
MD5

68baf1ea49e089f8497c66b9fbffb4f5
SHA1

63b2a70c8644404bfa57e7066c5f2cb565df04a9
SHA256

59f3077e67cad1e316b757f07dfc4d22e423960a97068a7ff00d181a4e52488e
SHA512

08de2ecfdc33cc36095028779f24d7914c7a79590bc9650b6cdf74fda19040191d9bf47ed31a1a8ebcbbcf294c054b18672a53c33e5c8f8e6d77da94dd8460f1
SSDEEP

1536:oBCy0HPCZQuCXmuzjq/RbyzEDYePI6lF0ZhzeQ2o4Dys:gkCVSr6WKpo4Dys

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 29 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0F7B47F1-1884-11EF-9F3E-D2EFD46A7D0E} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage\weibo.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422575964"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage\weibo.com	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

1688 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

1688 iexplore.exe
1688 iexplore.exe
2856 IEXPLORE.EXE
2856 IEXPLORE.EXE
2856 IEXPLORE.EXE
2856 IEXPLORE.EXE

pid	process
1688	iexplore.exe

pid	process
1688	iexplore.exe
1688	iexplore.exe
2856	IEXPLORE.EXE
2856	IEXPLORE.EXE
2856	IEXPLORE.EXE
2856	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 1688 wrote to memory of 2856	1688	iexplore.exe	IEXPLORE.EXE
PID 1688 wrote to memory of 2856	1688	iexplore.exe	IEXPLORE.EXE
PID 1688 wrote to memory of 2856	1688	iexplore.exe	IEXPLORE.EXE
PID 1688 wrote to memory of 2856	1688	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\68baf1ea49e089f8497c66b9fbffb4f5_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1688

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1688 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2856

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d891945f449b2f6afbe7a561def2db27

SHA1
33f3897a2b208c4019b54e9d062e59b603c7a243

SHA256
546b2069fd08e4ea1a782d7e972f26ec6fba23fd4ea6387467234d18a8b77513

SHA512
1ac8265a13c8612bf23f24b572f1fe9fd2ea60e6a36360db3b871df9c6fa405b47f4e3160a59bb8ad3ae8e7e51f446e68fdf71e8e0632d6dcc10be6b26a096d4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a33d4e8ea75ca658c352f7396a69f0b4

SHA1
f8380837792aed0e40d8a0fce641bcb7ec4fe97d

SHA256
470fde89b3d76492f71c4100260bbd73c71fef7b901fb8b9204c6f99fcd7ea0c

SHA512
4632bf9769b4f2969a62b4853381405b4c3cfc7fcd73738e3596cc444b70c37a22b3990a4fe286bea07bf3dff47ffd210306dfd96bfdac8ec0ba658e89588c85

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a403d802373d3d6ffe777e09e4f3b253

SHA1
a43e6cadec098bd020a32366e4c3f42bf675efbd

SHA256
61a12641921ffb46724e574b5a5c909df988aa6a44ce747bbca8a66b98caebd7

SHA512
0721db9fe217133f1dd7c614a7130ebeb72e7ce81f7154a8767a9ebc8059955973a530e4eb7202a70fe8717fc5e96ce13fae0c6bd8a16c8591fef4f401c6999c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d880cc76f99cf06ce91dee104a6ec4c9

SHA1
3abfef7ceb608424108ef7beb35d325198f32e4a

SHA256
2f24ca3f96a0cc58644b8541b0835687bf9d2b9202dd13ea9e18606e3e2710ab

SHA512
ca2e4c9baefff64f76fe98dd4f29888852846003211d7bc4800f7b01c127a2188d1e2e8178cfac738647a9638c3e6f9e64eb4a022366a6f30a9f95850c901f68

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
adfd0d7f8be1436e375b508ad3eb8e2d

SHA1
e609dea9836d4545e6382a0c22ca4e05bea5250b

SHA256
284c634f56c10f8b06a21e1c52c30a3f5dee66bcfbb4b2e6a39bee9d1a5d26a0

SHA512
4c84f021852e21139754bc7d275e0d888dbd4cf889c5a899566d97f1b4aac99d089783089af815c7451c035f8226130c330a1a8d729e4389d74605343612b2c2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
360000d157a4fc73a402a3b34751a705

SHA1
e521960d2f01e9482f51301f7b4dbc51340d35bf

SHA256
6143575c95b8eaabcfbf7232f5ce4761408065a594e540a5921dd344fd604064

SHA512
3389e5a2e5553b0b072833317e522131b70463da73de2f3d2a3820d120c0800b706afbf1fd5f0c3c53afc8383a5583013832445ce62b7b198189728207989690

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4709c546a799d8c293076ccfb6724d97

SHA1
71cf71712b65a9090a3ce3f0ff0340724d3636db

SHA256
970438eed71656f8cbb590227f09a48430d59ff7ee710fd27756dbfd939d8df3

SHA512
b38583f0bd560c01e78a7414df4dda1e7136ed03dcae5112d10d373a8b20e5faf4efd1a861004670892b8608e0fef45e9f4030c7dae2917fe9c8c24ecb693f77

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a913066fd61a3c0dfc0c08f98c5294d7

SHA1
18832c9ad1c4e55c576b15c8bc9398469dd69c54

SHA256
a01d3df0176e1e9bd9dd59ac26e6fadd51e39c75dc34eb59cd5e61cf39cca1fd

SHA512
b62802288aed193d33aaf4c5cec336083324fdde5ef7c7d074ac2577b474c9bc7968e28b34da6540e7c3a77e58f60df3123f141790251eb5ec195b194f5ec847

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
899ad883c3607f614d17fd2cd835960c

SHA1
aa05d3c38abc91d7af18eb600595d43698a4d58c

SHA256
12ff88bfbfdeec98fad52a4909c8f7dd12f9961964a0e726747306b6ae3f94c9

SHA512
79559aa10bfd9d7e5da0ebbb850a997150e48821d9ba8edf56268f69d370ed89f8a2770679357f045bece88a01f6dffdfa102bd0c0da653a82ee86b4d4f42312

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
42b79faab4026dcf96abeb35fb45ee86

SHA1
919b2bd57c396785f5a0f609d142ce972fbdb1ca

SHA256
86326b54f6112948ebcb6ccf33f4aa72eec25f7eb8ae6e43b139a5a5cf9289d7

SHA512
3683d2f0d7f5e36fb8b3e7762c9ee7878a9bb3b322d7baaa8eccd3e807cb2e8429d7bab2adde374514343249ffde1aef49f8252b28e819c1860c238293e71e78

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab8B31.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar8B30.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar8C51.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit