70da52b2f639474e183589117f0a5680264f2091703bd87afca4663fb0d76bb5

Analysis

max time kernel
150s
max time network
150s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 02:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

65b9e10f6d1358c09d3a023a74e4a074_JaffaCakes118.html
Size

27KB
MD5

65b9e10f6d1358c09d3a023a74e4a074
SHA1

ae4fa1343ddb0b5b55671dcf7ad71283b23313d5
SHA256

70da52b2f639474e183589117f0a5680264f2091703bd87afca4663fb0d76bb5
SHA512

b3bb1d27fef04080dec2e4b01b57b91df9b535bd1d7d7d74b5ceadd714fdaf71bd8a2f168d4660de68bb5586d9a7dbe2de4539f8f0fb900dcaa6882a061cb867
SSDEEP

768:ScYvldmyjq+BOPGY78cP8K4kU8/QwooKuB9Jjjjj33r+xNjjjj1kjjjjHajjjj4p:ScYvlc8q+nY78cP8K4kU8/QwooKuzJjd

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{834EDA21-17E4-11EF-B1D1-D2EFD46A7D0E} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422507438"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

756 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

756 iexplore.exe
756 iexplore.exe
3024 IEXPLORE.EXE
3024 IEXPLORE.EXE
3024 IEXPLORE.EXE
3024 IEXPLORE.EXE

pid	process
756	iexplore.exe

pid	process
756	iexplore.exe
756	iexplore.exe
3024	IEXPLORE.EXE
3024	IEXPLORE.EXE
3024	IEXPLORE.EXE
3024	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 756 wrote to memory of 3024	756	iexplore.exe	IEXPLORE.EXE
PID 756 wrote to memory of 3024	756	iexplore.exe	IEXPLORE.EXE
PID 756 wrote to memory of 3024	756	iexplore.exe	IEXPLORE.EXE
PID 756 wrote to memory of 3024	756	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\65b9e10f6d1358c09d3a023a74e4a074_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:756

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:756 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:3024

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
Filesize
252B

MD5
48beda6bc2706d6440cb48ea1c76f2df

SHA1
63597723b33e12b3153540c22497dbe4dde8228c

SHA256
d95aa77dc1effc45057e4303606969806c0b514d52b8b3162fc455354d490c3f

SHA512
f25a549abe5da0b759ed63bdd203c9bf123dddb3670996ac4ada94d1028399d5cb0049a19cb26e7edfeb86babeee884f31c91bd62540d6215be2d9a8e1501993

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
1936422716865cb03552e76900a338c3

SHA1
b829e6af0dccabed158d2cc103edf14677020854

SHA256
78c3352242f84f2206b00acb16969f381e7efae5715021cc548081ce0c95dbab

SHA512
42117f8e493eea62362eee31292f3ccf7c011814902e3d2caf249c1556f86b93d611880cf8877ac6834bbbb7a14a11a73f5ebf51d6398f4d62cc53543de1c2f1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
668d6f0801e67453dd0647246da4de10

SHA1
9f73f34b33950d90b2f5c1fe314e92d16a1833bc

SHA256
46011c1ea0d247b31524e2c623e99795f403c5eab19afa2b1b32adadd13aa1af

SHA512
37a7e4949650d9b0d55f294952c52049cb2a08214b17a2e86fa9ec1e039ea67eadbab281b733ca952ce7b59546ebc1345b82dbb51482d994770c6cd2465d8953

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
b6ac500069ca47e8228d29f987413187

SHA1
bef4111b1f14b8decb4179855abb1b1474b06934

SHA256
5f0c826e75b23709e1a59df2ec5f01d3e09d3b410aa26b7ed0805d9542918557

SHA512
d2f5b7446d7df7dd30aa8ae64f2fa8210241bcc9257cba6a8d908d9b79e1b3e71f15d478bbf491a5fa090f409e26c4b41044f824133ad4fbe8b5c3158431efb4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
4e31315f6ccf4c9c7df04be1398b421a

SHA1
1dc2ceb09e794b36e339d4239ecab87009d2df54

SHA256
5603fa520a1644bb338152c6d8843f53cfc0a5ad5bbbc82cea510b3b2a94babc

SHA512
d537333dee5ec934bb701a4741cd2f9799173eb54cfea532b2a132c48087b97c99d5cd08529e7732bb728f05d6177cf010d23ff2a2179fb6ac8e5afd4abf0e58

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
2fc164d811daf3adca2bb671f581d53c

SHA1
7f4d295b27abb18b1492a1fc99bf9a328fd844be

SHA256
b29f7a4fb0e296b97d6dfddac3ee0f827a783f1530d4911c99d9cc74aac44448

SHA512
842cc80481be12df05099f18a554dbb856f7eedaaec2d9d7e6013ca14223bda49369f84082ef1a6d3c75c64633af5faa385feef0ea85054e2f916c1dabf69935

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
c8a38b4805815ac5af349be6d112fe77

SHA1
63a816c0dfe1af733b7db233af3ae083fa3134a8

SHA256
28acf1bb14ab10d078ebfbb78723def235c68a239824bea9bb3abbc2cf7770fa

SHA512
8bb2abc80a5a2b9b09a6965ea8ece550ba6a6d8e6ffe488dd72f30fa47af7c0d1587b807ee54cc38d38a2976bb7d80cd861f18e6c8f016d8ef30296beb99ad15

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
8ef9e863b20d0b25de3ea0efcedbae1c

SHA1
11171b77a1c2a8cf59fa39450e7ada918ccdadbf

SHA256
07447681d5855d6a5cdc1cbdddbc81192c19c467aa36102d2095c22ed4b6ab8c

SHA512
c001ed5f46c7fa27d70f6681f53529bbc2ed0e25286d073bff9412e6dca7cd383f766774ffd2bd93c05004ae659d8c5e7ff631dcfae50c26067fe491e57741bf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
0189f94ff7c22dd6020db4781a390e25

SHA1
a7b674b2fe779ec574ad98357c3a5d2ec79baab2

SHA256
a9f890c293e30003bc09653900f53b65fa11f814cd75c6d76d0696a4d2e8fd14

SHA512
9670f7008d24d04b19cd6e7def79486cddf17702d4c558ff2051553d0c64386b5f2033fecf31b4174f8d824eae15989d64f6b4bd8ea0f5f043ce065f3e409df1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
dfa67064de46f4122b7100510a7670fe

SHA1
21be9b6ac87726148de5f66aa464d1b80d1f693e

SHA256
a18ecc9fb40bed0004ba354dd4fb3ab0fc482ff1b8a6d8c34127dc9c1fc21d87

SHA512
713dd3fc7d63840e5f1f27ab76dcc85ec3088c7712362bd98bd20118ef765a56d3043cf82437a4290d8906528a0c587e15037d3e8c982d0859cccbc78b15ea88

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
02914368c38a0582c45621f5eb7b3378

SHA1
c8499c5fbc0bf910549dabe008d3965804a8e90f

SHA256
e465057321d8c06c103ec93a5dbe91987290f7ffc383f4d4f86dd0b5703509a9

SHA512
9989feeff8ebf746856f7bd8b455537b95b9cb22401e8f349ee926b838f64a65aeeb72bbfb76856830cecbe9ad4c2086fae717aff0472f35ad19c87b850ed3a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
7ff08a17fbc07130fbad13cece0728d5

SHA1
30f6f069863868338272434e783a1a07c30523a1

SHA256
27f0d4b5ad9b31ff37ee798fc0dbea5fd73ca94650c80f17038540368748b2ca

SHA512
134b51405273c97a4805fcb8ff637a054d1a12fa78d993976b3339916990dc3707ada06faf138a7c407778c2190cd88af111e0ad7c4253d094352123245f8faf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
Filesize
242B

MD5
e11d62d99c4ba80776ad07ff1b5468dc

SHA1
05f5ed3d7365ef6577e98572d5e3f54dad22c34a

SHA256
1d86a9922713c2e13c25dc3e16878391891dfad9c321b59e28ac9c4a3b5dd9ea

SHA512
fcdb8195154cc215c09b823023b8d0a043d2ffa2fb22a00d99f4137d4175b47924ca4e50761796188eff850863089c4e0c0069ca65bc46d32c0d01c994e20b05

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1F26.tmp
Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1F27.tmp
Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2130.tmp
Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit