be89c05736f76e09b35ba337fd033dc272e12c67948f73682131c617dbc81c01

Analysis

max time kernel
149s
max time network
138s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 22:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

68ee312cd4df791d3fb3edbff70de778_JaffaCakes118.html
Size

15KB
MD5

68ee312cd4df791d3fb3edbff70de778
SHA1

92e4bb6a45369bbc70f0813a3a5e59d884f914eb
SHA256

be89c05736f76e09b35ba337fd033dc272e12c67948f73682131c617dbc81c01
SHA512

ef30b601be759fdd7ff2599108af6c6cc52efc425516b7b916626ec27df18d4bc1033a05ae51122dca250aa4178fe2d536b1d19029fefa82e49d1fe5bad9fa34
SSDEEP

384:5UWI6j11l+WYtc8LVVNtW/rMsjfNm7nuB94cSF/t:5cY11l+lLLNtWrMsuuB94cSF/t

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 30 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422580629"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{ED146C41-188E-11EF-A01B-4AADDC6219DF} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

2272 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2272 iexplore.exe
2272 iexplore.exe
2984 IEXPLORE.EXE
2984 IEXPLORE.EXE
2984 IEXPLORE.EXE
2984 IEXPLORE.EXE

pid	process
2272	iexplore.exe

pid	process
2272	iexplore.exe
2272	iexplore.exe
2984	IEXPLORE.EXE
2984	IEXPLORE.EXE
2984	IEXPLORE.EXE
2984	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 2272 wrote to memory of 2984	2272	iexplore.exe	IEXPLORE.EXE
PID 2272 wrote to memory of 2984	2272	iexplore.exe	IEXPLORE.EXE
PID 2272 wrote to memory of 2984	2272	iexplore.exe	IEXPLORE.EXE
PID 2272 wrote to memory of 2984	2272	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\68ee312cd4df791d3fb3edbff70de778_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2272

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2272 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2984

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
6e3c1df3db6c010e4f07ff18f8191f1a

SHA1
b94cc64c762cb3c12a1b91fa04b9b488be26535e

SHA256
b73c39518f06ff8b0161b2de5ba9d0141596b598313b0384a26e832b2df2f68b

SHA512
d663204f7f8121fec03a802c71175f27c3de018759e7d0323e38c26e0a6246d3b015255afd154148b37a9edfbfdf5b9e187a7d6dd03bf13b48675823bfebefea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
987c57c1bdf90f00d5767e4d3e09f3bf

SHA1
d9baf478286f2de4e1e3d1cff9af8584dd1a3125

SHA256
d4cd6426c0896237915d67208f5ace9c9a12f042a140e1a2f0d265869029b4a3

SHA512
aac3c6ff65688365638b679b5b0ceef05b7f2cc9407657fbd4ee66dbc1c78dc5bbd5f1e05bc126f34f22c32eda8a3b46e695a850e4ff02fbff60a996e192948a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
0cd966a5dc51adafdf8bb4c7dad115de

SHA1
9d4a0b18d83585c17e57ae52bb0cc9f00235a33d

SHA256
e0d709c6e62030b2b33e66ad142c9a1a317804710e51be871ccb8a188ab63815

SHA512
4ed7a5a0d86a1e30289694d5751082559f587bebf29a6cacda9a3bf5a6a28ffd873f9f10bcfebfff170ff8b1071de95eb007f213ec75aa4440d35ef4d09cc01e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
76b9b8eb23776812105dc6fb6661f80b

SHA1
3d2e180cc9a36bde402bffb58a8a8fa29030db72

SHA256
4c87f693384e537e6d6ee8e259b3f96c6b5c68992890838c20c78e9794d86342

SHA512
b570e4e7cf326db18884054470145bf9fb2c89236978343efc06d168d4961397ccbae433684cb5243bb1148b25b965ba7ebd3e3485f43843465ba5bb41e236a7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
8ff443ef416588a53ebd582bb2b632f0

SHA1
a21e04b8d2d594e1cc10e782bd0ae08838a2721a

SHA256
4eb024ca3188253ab924596a03fd3830364d96f46403dd14958d3854793dfa11

SHA512
11296a0651654e5916e9bf492e569c8043c47547013997594310820499593431a02a6ed19294b0857008ec2f81d64fe0cdd8c876cc95c88785e5848a843df5b2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
417552432fb9ebbd57028cda8b48ce5e

SHA1
2c97b97a92e9422a218687e6ac175f3d2692cbb5

SHA256
07af605386c43bb6ccb8f1efc05235d78d38bf6b3c23c01b3ecabdee5a170828

SHA512
d21c31b4fb3b993f39101992862ebf58410012df30b5aeacdb36299e551de3601f343011d7895748cd9349b828430c74e776079c98506f0b20b393e7f214b31a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
cbcaa0e2556f8d3a3d894ac162a36395

SHA1
aea0bc541c51bb2ca172be49c73d526791bbcee9

SHA256
19759b362f7034054a6334300242c00077018e1c0816d3a046669f294160573e

SHA512
87b29c904771fee8d60954e8dcc386cccdf1da2788fe342b1723f21b9451d88f7e876ee70b02dd41208bbf7c09aa9dc5b9c9e2c3e38c18d62a82957c019e1cc6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
571c93a14d64e3a5c2a3dd199c655ba5

SHA1
8e3df2b9eb0cdc41ccd5c5669bfc2f4e2277ce93

SHA256
3c429c460e96f0320fe6ca0e8df5ac240e49b8e85e79eeff996903561ae48e21

SHA512
909b95651dd40ebb669b0489c87a7bb4212fca09d020c5c0b47be6dc0e8d4013657c6f8daff1e218bde040647e48cef0df275f4e761099e522dccd87fb97d3b8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
dd04eea1202f08521466523c9e86013d

SHA1
2247190c3151dc4d79130f5a9bf851fa06b652d5

SHA256
5bbf51d63939ba75c7d987b04f41cd422f7e632f70927e94cb68043228382748

SHA512
9ce5960037373f1b88f43e7c1ce6746cd6738fedaca73caf0127c6fe3f2aec0cbcbb608c121265305652739d06fb63e2eb02f49f6383e0d09cd63488822b9cd5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
830c0b75c10e4216fb42f2f80d48a745

SHA1
4e0126a60475d91f05b883d47decf983bb5f8d8c

SHA256
13c547177ca0e1b493bb612b424499e4e04bbde978711f33be7abf99e6921373

SHA512
6bf61f9563d05d7b1e3484ead094a3f434d93bdaf61614613a9c6996b57e7b64907d127ec81e9d65bb8ca103ddb43301de4296cd4b83ea827b8d8ca661a2ece7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
0160802f97503a9d472c276f8425a7d8

SHA1
ba75f98dd1197662383ba6166f2954b58aff1eaf

SHA256
eb64705844c129205080bd3d3ebe3cb60d9cf14f9aba19cc1df0a23c57112ced

SHA512
7be4355aba0e80946c2eb854cb76bc58e66aef196d0b29dc01174b5cba94cc197e4648e57c79578bbe50ecdbcd59ad51619897595f130c9e9dab1a23fc5a7250

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
5347bd236fcc89f5d2f07db061c98f53

SHA1
908614d5c1a611ef57dd1c966d5eca82b3e3a155

SHA256
46845488cd794910c195297f7f6c2fe644390d425c2eed411a286ddc098d0e75

SHA512
52ca10e9e1cb9030b39df50257a59e82adc8910493232618a222792729c4ed1db96d37cf58b4e1e68ac483407204d0f4cb4c48e68b6f075afddcd63c476e5fa6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
4ee77826e58a32c3665d709e1c84d980

SHA1
15ccc1245c96cb9b84b35e47d37f8335a1852e87

SHA256
d0636ce2f5673541552df5efe6bb102c4ad27a82a1bae34e7f7f78f823cd71b3

SHA512
7bdd72fc8bdb895a2c7a64e1ad4529dd6b56c12e6e6bf3552c5d30af7b9305430e2af2592f971f27c57a78620861945cae74020534a660626eb1ce6b027b5a24

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
9451e09249868f20626542bf50ebf3ac

SHA1
80c736e5dfd72e758bd2faa68be6efa54c5c0d5f

SHA256
9a6bbb464bca64abcb5128cd58d4b6a150caae5530c3b022d313cbe15b129acf

SHA512
15554f6d5d2c8e53d75cf274e5944ad9435eeecc2162f31e8071549d980f9bd13ea65b183fa77094c8c825fb95857f53722f54be6714e86f1ef022e1e96b3a09

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
cbd0a34f9c10691c87a9d4555814042b

SHA1
c8f6695e2ed15a355279ebb254c544fcd01d0076

SHA256
eac55c402284e421bc78ed2532d90771b1f8e17827179fe338e9d0e63bc8b68a

SHA512
8f8b68219a55935cb8b0a5fc0d71f40e08d6622cca21f2c77f6be1bb0bf436c043ebbe28a14dac66cd621f2ebb3f2f83c09d53721c497624bf3d7ce7e7dd7a14

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
9076b5b00b0bf4dbb8fc9ba5f4c48c73

SHA1
7eaf08652def25820cc5857b9bc4e6b1a1e19e00

SHA256
2d9b886cecff1e652e498a4437da636345f8ea2d32e436a65adaca0b06620a7e

SHA512
667e7d0d441f85d74bce2d5bfd01a2c938da33c128af0132f3ea1ebda90d0ca37d622cd046386ff3ff636b1401da5428b25f018ca3e2fea6947fd6a8a4484695

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
6f5f20fc81dc26f6441a614e710bdaa6

SHA1
0b0423ad94c26f7649c5a13875eac52d94b7c6df

SHA256
91289f9eb758ff39b765f31c6fc53e57d1e256ada6f08102c2c006f0c7dcbe0d

SHA512
24eacdc20024a97ad6408686af6dee51de55e488d25791a70cae62fa4a59eed23e389fe2cbbf166c55411e722c5ef363bd56fa9edb7dc04c29d5bb77f3aa1354

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
e2148085b4394eeeba481700538e1f7a

SHA1
5044f1ed6f925923edb7f5ad1a538bfa613bd26e

SHA256
95ffa5d1535864d0c459db577fbfc6f0f46fd5fadc7a32679efc4d9f1746f74f

SHA512
7cf0a2a801adf0c8469e4530cf932e311f0932a0357c49c6eaba73f4842d2de3c9f91194a8371758179989d38956de67156ebf98f5137b6dab4be14726cd9412

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
fb8fec647b42d55dbabab86a05815994

SHA1
19f3bdf3a9ee798da27d1f1ac07ca6dc42266643

SHA256
b822299e327cf09304d73042bfb795fb8a729aab49751cd066a2a59d09592d05

SHA512
ca0139a4a45b231ea8b1a1bf0fd45996916e639d0edad4d1b0a3bddf9f2169ba1b63b86fbbbbff804f0544de59d127543ee7ad24caea97d028431b0d4c075310

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabA4F.tmp
Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabB3B.tmp
Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarB50.tmp
Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit