15d0b042950aabbbc0fc4f28b7cb14cbfd995d993ef1609b10bc3ab865e75b8d

Analysis

max time kernel
131s
max time network
152s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 00:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

654a647aa8893a0f1735e201e34bde63_JaffaCakes118.html
Size

87KB
MD5

654a647aa8893a0f1735e201e34bde63
SHA1

8f0d644dd865c6ad999c32d3fce2bc09dd43efff
SHA256

15d0b042950aabbbc0fc4f28b7cb14cbfd995d993ef1609b10bc3ab865e75b8d
SHA512

55116fd701f5e113ed325512b203ca88fe122f28177a5a0539d86e0a5a6edc8d8f1b420a8061ae432b2e978d6462f13ad7be1a0fdcaeeb48e24180f523ab6606
SSDEEP

1536:eDWVOZO8sf43L11rEz/wk1C7Wf2Ixg+z/jIeILOrwAIm+Y+uuMyjdpN3I7:cO8M43R1Wp1C7Wf++z/jIeILOrwA7Z+6

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service
T1102

Processes:

flow ioc

70 sites.google.com
78 sites.google.com
82 sites.google.com

flow	ioc
70	sites.google.com
78	sites.google.com
82	sites.google.com

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422498247"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1D5ABE11-17CF-11EF-B671-4AE872E97954} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

IEXPLORE.EXE

pid process

2116 IEXPLORE.EXE
Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

2460 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2460 iexplore.exe
2460 iexplore.exe
2116 IEXPLORE.EXE
2116 IEXPLORE.EXE
2116 IEXPLORE.EXE
2116 IEXPLORE.EXE

pid	process
2116	IEXPLORE.EXE

pid	process
2460	iexplore.exe

pid	process
2460	iexplore.exe
2460	iexplore.exe
2116	IEXPLORE.EXE
2116	IEXPLORE.EXE
2116	IEXPLORE.EXE
2116	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 2460 wrote to memory of 2116	2460	iexplore.exe	IEXPLORE.EXE
PID 2460 wrote to memory of 2116	2460	iexplore.exe	IEXPLORE.EXE
PID 2460 wrote to memory of 2116	2460	iexplore.exe	IEXPLORE.EXE
PID 2460 wrote to memory of 2116	2460	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\654a647aa8893a0f1735e201e34bde63_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2460
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2460 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:2116

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
e79747107e6a0613ce957b317bf33186

SHA1
c81f7b7b546ccdb7fb333967f22b936f7b85e80a

SHA256
2107291cc5906fee6cfb06e641bf482826ae4880d722f05fe5df2848b35549d1

SHA512
c49d40da5631262510c3933f8e73aa96e2cc257c8d204d2ee09e33f13451ffefb008d48b12076852154f732064f04f59e0dab9d7a57fa5d5fec3d194534b197a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b9579a18e241c0feabb1d15f80dd07da

SHA1
8394058a9c9fa68332d875aea3a5e6652de7abbe

SHA256
c1cd910121c7d2f8f5e7b71f8e64522b8f7f935c08ccf2731c21866355cf754d

SHA512
634937c68bec8cc7367bc300624223d23b55107b968d13e8c17d5e73e1c5c06be2f5b4af9d76abfd3419119e796a9361fc39d93b484f06f22c8063a974b30a9e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4db87ef6bc54dfc29a0b3977e7d013dc

SHA1
cfaec128b8464ef39dd7afc1c942ac3c4910c184

SHA256
e5236492e6ab2239682f501401aa5805a35d70280368bd39421b2b47ce98f4fb

SHA512
9380adac9da6dec5d49669fd6f1df6fc7022dcf8dd157f06e5d41da7f629d662e6ba1f69546323a3f9d48d81696912ec045f3120aab82e441ee1b5ea4fb646b6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7092602652fc2c5c1693424945618a08

SHA1
0643e19a67546433835b99bb0c6d9c243f4c7173

SHA256
915e2be2931bb7aee0089524fbed177d5834af827790ba049b7c92f9c870b683

SHA512
42e7ddb00411c6e108fe788a8b14c264f0e311ac434c913ede48a91dbe29238b7a04b4a156e70e9106af224a3b078cb917cb22634e48cdefc0b1f8945ac603a8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f95db256c5628e7f20336a0e6c30ce26

SHA1
9f5bae8aade5b1bd6a242f2444fe0c3621c29806

SHA256
b68ad3d0c50e8c6aec077057de4d71e25a080f1abb423ef39258a69813eb80bb

SHA512
1cfdde6f254c92e9aad4396e5bb8ff2fda8fd4dbb142422298beffe3a1cbb3883f9fe1977845e4c10c0bdb89247c5320928d01301b8ee59d70e27fb990a1dcd4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ba1a10959b0641b6b8a8779fa3ba7200

SHA1
b6425c3bc98e23f4b644102d86d1db41560e2c26

SHA256
1886c242fd0647c6991e027f1573b1b92f1b64bf9784d06affd57c76ac788761

SHA512
cc13645ba4e59a9816a5f3d450b72605c461e7747e996fcc441630dcd416ce5e1c767ed115327d59c93973c71a0d20686c0b2c2c68f3959f261c5daeecd2afc7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ae92d011f0e99fbda3baf70821013cb5

SHA1
94fc84c8f17eb7cfdbe5a727f41ef74331eed42e

SHA256
cd5fe3fe4c427de987830e5d13148a8663795f573ea3d9ce4614649ff5f9758b

SHA512
5776ec6044c04463c3b36fcbbd5c3ff5cab87b6314b5a8efff9edf626f79a9cebd7e0455d9322b6eac3de76938bd9c85a394ff160387f3196bebf2b1cc1f7fa8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a92478eb8d616491e7d3e2a3e3ff36d3

SHA1
2a937876eab54683ac18ce1178c15f8bbb337105

SHA256
4dcccfeb225cdae9f9d4bc9f45bbe1df17cacc69c4e3dd8ebee06c5f0a22869d

SHA512
3b94cdcee1cd2c13ff8b96a30909e66e49fc1a1a92568a560a3aa66eef6decb0d349b54d79e875eec7206a389b382c7a4d983b387ba442700ee66d71bd9b5938

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e8d2ae69094af47c0a7972a3707d71a8

SHA1
94aa1baeee539d7cc65a15804140be2c65d482d7

SHA256
60c7ee8744e1cc7d4be03b59017f6c0d269e5f538ef160b0d8d9e8a0ac0d655f

SHA512
6933c23f0bfec66aebe46e00c7a014bd9a1d13e3e19cb0f800cea6f829b8a5a1c5d025b8939fb1ed36967b46eb554388141888bbd4efc2a6d8fa3cf250fdb55f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
aa568d2fa29270dd48478f6d20e842c8

SHA1
89b715c990945f7f586af180094f79851a4e7519

SHA256
f48d4b47290e4a1380e5b0f4fad2ea41c86c6274c927d6a51e97d9825c02bc60

SHA512
b19d09aba6e6b79579810ca1aba1f0a84cd866aac6e6c480bbfd148629cfc6c57eee46dddf779bb4f912191f700d7c6de7a3e04095cc496f5f473285845c8e39

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7665469acd3ff3b43a9ec75ece7856db

SHA1
26fb0db7eb4a05d7a5615d4a888245bcc9beb5af

SHA256
5a7eb3de5c239aed4bd1cc08e628f91dafb0c16f47cda14728dbc4fbcc3f992e

SHA512
afac64dec3005a01112dd09181c0aa6bc29a9a6a9516bf2c81abb7d50a441d24d9ebe6b0142f1898e0a9e1ce63a1e1d2282c487995c295e65854165112a5d090

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
409a67260e5965717d827c892cf4a871

SHA1
c3cf39c7bba6ce902ddfc806e6fb0ea36f9cc8b2

SHA256
a5d1e0cfd6a83f96ab0913f8eaa76f570630329eb4f1815ae1042821d53b7f63

SHA512
5b56242d4f05c1555e8a5a2f8b75e8e3a226b042bd6ed9c24a5a02a2dcc43e9109cd7a965cecda5e990c0bd5129d7b57a071b633965ae535ee4556a0d935a689

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b358dbb1adb39097dc68ae48b3c7db7c

SHA1
78f07e0236ec68c355e93b80581fb4a999ab633a

SHA256
17f651359d8606899074a4ba519683419f411e9f25b8fd2c15edec1e967f6891

SHA512
85e3c38949c9ca0e9a351c58181888d8c892c5ad1509ab590f36f7cff0b8ffe9eb21eb1fa771bb0ddd54bf09afeaad240b5b52ea9bef85bfaf81e2b437a6633a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ae67d906eda601856a1d8ec1b9bb6ba4

SHA1
251f0c6e4825ddd6054f47e511ca0a23623b9572

SHA256
0753f76796adcb568a84c734ab7cdc19e9c5e58c0314e3cc418a10c3f7853c7b

SHA512
edbbe3f32342fce417a60530c98f3ec1d4447da83a056e7eec3fcb8d4a6dd614455bbf8f8ccf310844a0a373ee8b23c4ade5a4a09ccbee8fc83e16eb5f96f88d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
038974ea4bb58f9045f240e96748f4e1

SHA1
8c523962f0b7871a9473d648f03f2ca0928e3f61

SHA256
c0ac20ee028690ceab8185038a7aaf349606892dd387e48f06abcbece51cd030

SHA512
0376ebb95c6646765e3f016f664c743de18aa59e9be62bfa38d3bc02edd8249bb6b5ede20548c3080a0220cd6c943aeca5837135fba810f3dacd7a18b02cb1d4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
b3c27b94fe7311518a5723132733c091

SHA1
a5df9993d40615a2623dc4de221b0b1c8c892ae7

SHA256
dff3fcfb5d6bf2be87dabb064eafdd39bf01939eac380b53325f52472aff8ce0

SHA512
5eb9aa955f856db3f2ecf15ef374e6341e1eec6609b156909b71c194bd73faf4cd1c57900af7766c0d5da7683ff690389a494ad094c25b68df6eb1f211df1f56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L9PN2QMY\plusone[1].js

Filesize
54KB

MD5
fb86282646c76d835cd2e6c49b8625f7

SHA1
d1b33142b0ce10c3e883e4799dcb0a2f9ddaa3d0

SHA256
638374c6c6251af66fe3f5018eb3ff62b47df830a0137afb51e36ac3279d8109

SHA512
07dff3229f08df2d213f24f62a4610f2736b3d1092599b8fc27602330aafbb5bd1cd9039ffee7f76958f4b75796bb75dd7cd483eaa278c9902e712c256a9b7b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab9511.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar9768.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit