5e0d303b1edc4c6d6813f317fbda5a9a2babee3a55ea427a3c2ee04dbef65c04

Analysis

max time kernel
134s
max time network
144s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 02:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

65b4c2483f203b9ebc6dd1c6cad39eba_JaffaCakes118.html
Size

142KB
MD5

65b4c2483f203b9ebc6dd1c6cad39eba
SHA1

81ea468c57eee7f6e168686fb80cf7c53a74b87e
SHA256

5e0d303b1edc4c6d6813f317fbda5a9a2babee3a55ea427a3c2ee04dbef65c04
SHA512

bf1871682ec27beda87284a1f3e5f807968df2459b3263654e015a68aab4c91f2bd5b909575fc58041065ab49ec29dd594a5eb397215030c803a42ff92f45792
SSDEEP

3072:9Tz6CA8ai72Ny3kUJ28/m5gLK1MrbYTpxYf+9iEbmcBxK/IdKQVNGHYi8zy1m75z:9Q

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{AB7E4951-17E3-11EF-9988-CEEE273A2359} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422507075"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

2328 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2328 iexplore.exe
2328 iexplore.exe
2532 IEXPLORE.EXE
2532 IEXPLORE.EXE
2532 IEXPLORE.EXE
2532 IEXPLORE.EXE

pid	process
2328	iexplore.exe

pid	process
2328	iexplore.exe
2328	iexplore.exe
2532	IEXPLORE.EXE
2532	IEXPLORE.EXE
2532	IEXPLORE.EXE
2532	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 2328 wrote to memory of 2532	2328	iexplore.exe	IEXPLORE.EXE
PID 2328 wrote to memory of 2532	2328	iexplore.exe	IEXPLORE.EXE
PID 2328 wrote to memory of 2532	2328	iexplore.exe	IEXPLORE.EXE
PID 2328 wrote to memory of 2532	2328	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\65b4c2483f203b9ebc6dd1c6cad39eba_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2328

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2328 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2532

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
Filesize
252B

MD5
0a8df73006b8ec7c8d068e72214efcc3

SHA1
3a25f5b1faefea48f8892e6739492cb4a3907a0a

SHA256
19bb88df6c6bae8d33526a4089aad3d95ae3740cb236386bb626fd7fedf67f36

SHA512
b98f42d21caaa893e8f649b0bf66fbb8b16027e0d8be0ae2297a5e8c42650e5929056c0089723a82f53427bcf7bfa7bf9578b2cb4979c29df909a1988b6371fc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
ca54cbb7d76bf16d927c8cc51b141d37

SHA1
92d9ecd32ae2f96fe2a59d050b8e08f1ebdb1c59

SHA256
847c4c19515a1dbfe9115bdbb8d308dadface266e0bd29f666c2d0b679637548

SHA512
b13db33c801da4335ad7905051ac5fc1a02c91787786d64ae77d2596fb127b20a8428307210d1592524ed208eae3b637453ec72df75a0edc2642593c7dafbbfa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
fe8fa9e6e60d487f16d940ef5e77f1d8

SHA1
aef7a2a40ead85fd94a350f907aad79c62609d5a

SHA256
4ad1f09fde1eda687f489ed9994307d9201fef7355bfd1e2fa6f46b505aa307e

SHA512
2139116d193484c88e2fcc064be3a4a00a0404ccf636152a79fc79a00fca9fd1d00639b50b059e475091abe5c64d16b7afdb2cf448238a4f9b7c2a57c6329ce7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
451aaadbef5b396d71e36932e8311285

SHA1
76dede9f416dccd1166cff875a01fec3a2215390

SHA256
c3d64400425918eed3cea386d1261717d0ab10a0c43c9852b7d7466af02485cb

SHA512
30c2003c85813cb4e0cf8c469a3e3abd311e5f2f0107ef592cf477cc1b412423302e47df645808b4dd5f04f697bb639667092fb97a427ac6b0753e7ba72a0c9e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
67ac89d494bed40aa57cd5e357d2904d

SHA1
9ac4f17ad3d83f44a24048eae51bc1a695532600

SHA256
24c377926bcb9a06ece0eef42ecfb5e5226c02f5ad3364954b16a12464905d02

SHA512
db2872af7dcdb40bb3fdc1bf3755f932755702d675195cd04e2339e21e329ef3c0d8c2c5baf4dca1024ebed041d4f0b29b6aab618b0ddcb13636ac774a9e3606

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
c13214a3a820157abd40c42a019e71bb

SHA1
a1c8f8f7c7e59bb46fa2f531c1517104b1ed31c5

SHA256
d0fe05549791dfbc2b599403fc193a1f71a3274ae0f2eef67de3dcdb71949a40

SHA512
c177db3c83d4d6ce53005ad3171e28ce19a2560dce1fb9feb7e11ee02cc7175e63c8f1eb38b11f800e0235f9599235fb7d18ce48f040403b2020d08dbb789a8a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
d1d7e9d07cf3a2f094593d5704dd678b

SHA1
bc82918b3857bb12c5b506426aab84f9789c1894

SHA256
119bf1aed685552a0c0ec4cb53425c716efd903b4415d7af80394ce699f9a69e

SHA512
f12c8c00e21652c736363f689e52aaacc611a4e7b1587ff727671f59ecd891b70119354fbafbf72148c7528f55e2bc9105fda7834c48a5bf5923b4adad842a93

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
445116c152593ae4ac30b6cb2e52a7c2

SHA1
60399e75f77a9dbb01fbfe90ff5b40647108bbbf

SHA256
74dbbd81a05a537cf412c03a11545beb5b2fe3cbfeaf4afad30b3df2cc99a62f

SHA512
324c0346b82190d7c9be4168c3dff1e4b6e9fd632a64575bb05013ab9b539bb4dbd3ece6f7d185482fb39611246ecd16cdf2c53b738235a92b96192702f9c8b9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
ae9ab8b2e24c602940761608da9898f3

SHA1
5a5d96f4a6dba9636faca83671de406f2712aa0f

SHA256
188834d060b608747d88215c0403a09efa1b5b2e20412c31fb8668f7ea8fc8db

SHA512
045c7740d87d11bd55ac3147147854bb30ed9b93aea33af032d3cc4c24129871c7d1dc9a81789ed58820b9ced6e1e41e47f5de01a5b27fc70db21f9fd683517f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
13c590823ea17f8fc56811212381338a

SHA1
2b9d0c80bfe266b531c82605560027c113381a13

SHA256
f3d591b97f3a8b0482553c339be85a267ec72ea222b286cfd511ec38ed27053f

SHA512
bf11ffa23b191f0975d1fa04efcc5695709548fa7aaa8f02ce0bb6ea21f6453b76bee38170d1f604dc8d9985f6cb0ccc5eee68517e222cb6263cc7d4ef2c2833

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
Filesize
242B

MD5
b7007d5d72956e510c6576391fadf9f2

SHA1
1906ec3d347fcbec3aeb578e6f1810d911a6d47c

SHA256
beb44754ed3bad75e48035f65d18f990f63d4e9c72d425c926943c532ac13cbd

SHA512
07c04c8dd153f833803f31a8e56085d3004b614af692c10c8ec352190873377c4b45b58be983abaa6183c37db6427ba89c00d7bafb1ca01ad6abbc3b4ed0ad1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab28F4.tmp
Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2907.tmp
Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2A93.tmp
Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit