b0a1f0a9be101f6e4f9d88b318e9b3e90f50d5392c93796a17f765376651b1e1

Analysis

max time kernel
119s
max time network
128s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 02:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

65bed0ee422d0e1db98892eda1b97b08_JaffaCakes118.html
Size

461KB
MD5

65bed0ee422d0e1db98892eda1b97b08
SHA1

e25094d5c5ce842131d78a2a36bf27cfba5a81fd
SHA256

b0a1f0a9be101f6e4f9d88b318e9b3e90f50d5392c93796a17f765376651b1e1
SHA512

ad10bd30737d4155e37f36844094e2d809d0c0103c3bd4ac9e4714fd126e165cad9d679e142f364cdef8f0f1519314959e5c05f2072301174a26cb688acb0253
SSDEEP

6144:S9sMYod+X3oI+YhQ+sMYod+X3oI+YjsMYod+X3oI+YLsMYod+X3oI+YQ:A5d+X3l5d+X3l5d+X315d+X3+

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000019461a733578c942adb9adf02d6acc0900000000020000000000106600000001000020000000ed8c928ed82c0d0eb9f1af414e79ff50f68898375ba98949d40dddc8c08134c7000000000e80000000020000200000003fa6037302d3df1bb3bee6ceb7f2097e1ed074e4a82888e915333745bf60ef76200000005cf059b4c05d3c80bd8cbfd3f9ae06faa8eb514e4f2752456bef01f85539824740000000556b3488f3ab4e3ef8adf6334e68727cdb0fabf532db8d4e9080fec72fb65889a1945729edebf80c6ecb0488c455598425c3e4f76ece4ebb1f07e462423e1fd2	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422507903"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000019461a733578c942adb9adf02d6acc0900000000020000000000106600000001000020000000e6eb3c3cdd3bc6614962524dc2ea440538cabac62de3f8c7d5801eae3544a91b000000000e8000000002000020000000d31524f7a86c38c04f3baee4b516321d7fdc8e80d41e2a8c0979643de6173ef390000000c67f80db1ffe862f4de949cc646c512258dfe5b91133a5a7d268992f16430b747472ff8f46c9ec4d8239ca52eb72f9b1211040ff1b6c18c3dca9fcc96b0b11764eb36040c23d6ac2b399173662af2181d208b0dc9e8cacc130f05bc4ab21a67936eda5308c2319cf92bf99120d5cef3e00c1da188370d1d6a85baa3d068adba3e9f488a7fae8cd7dfa6e4197d62f2af540000000efc66c3fb3e74f21679d5a81917fa470bbac1b089a9a6ce1acef576c77f20f1b0a365f3bae40b8820287748155bcefd0d0fc28b730e46c8f2c0ccacfaa510a7d	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{985631B1-17E5-11EF-A4A3-CE86F81DDAFE} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e018d570f2abda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

1844 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

1844 iexplore.exe
1844 iexplore.exe
2536 IEXPLORE.EXE
2536 IEXPLORE.EXE
2536 IEXPLORE.EXE
2536 IEXPLORE.EXE

pid	process
1844	iexplore.exe

pid	process
1844	iexplore.exe
1844	iexplore.exe
2536	IEXPLORE.EXE
2536	IEXPLORE.EXE
2536	IEXPLORE.EXE
2536	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 1844 wrote to memory of 2536	1844	iexplore.exe	IEXPLORE.EXE
PID 1844 wrote to memory of 2536	1844	iexplore.exe	IEXPLORE.EXE
PID 1844 wrote to memory of 2536	1844	iexplore.exe	IEXPLORE.EXE
PID 1844 wrote to memory of 2536	1844	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\65bed0ee422d0e1db98892eda1b97b08_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1844

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1844 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2536

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
a006dd8b0b58e50f1ca19bb11be3916c

SHA1
c2631e19cce7d9fb1cd3b2ebb80b32fea42ab458

SHA256
837299af60afafedf7bfa3f8916e235b1d77cefecce535426dd71daea8a6baf2

SHA512
6271605aa79f521794137c8119d1cdab36e8c1bdca4392b9d042bf57324143bb4cebdc59c022d86a2ec487358538882b1e2ed9e8dcdbec2198577257a0e8a8f1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
e302eb006cf937e01c98f3b4d4c965b0

SHA1
e2d5f056cec4ee03f79a63adb6c0f5b843d16c9c

SHA256
467ccb2650169cf9493fa91dba76d991b2e293a469183e802504e850bb9a8f50

SHA512
07c4033bb23f0289c2b202e0f13d158468731c550a4fcbe887e7071a54c413eb43de021e0da3c575a0ad6aa3ec7260f782391ebe334a8b042f9dd94588b5de1f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
70b8f2aa1f6560176439c5bf4ed00759

SHA1
ed3994db793e6e37eec3a1cca6e843e7a2fa5083

SHA256
47e9659c4d9328fd1efbfaa3e7297859f185887a252e880333df28829e4d13ad

SHA512
4d86abe7399b0fcec5c251fc4d162e75c7907da8f69c110c3cafdfb3e3d6024b0d80dafd7a5794d84089a80d6525dff550ac70b847538a90b6d6969316fc4f78

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
cd4d48458a2d7e113a452b3146144283

SHA1
85b628e554ecea2a7007878a3613f27d5442862b

SHA256
174ed49f80052bee71230d92632e4bd5258d532c55611cbf1838b0b851df8e5f

SHA512
439ee04f89618e6564200340f3dbd4bf41c6761ddbcdde0609ef8cbf7365ab8cf1ed3cbf44b729ef3873526d42e11e62c3c198d274e9fd334e19e8041b04997a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
f88a061b2097f7ae0169deddf33c8863

SHA1
88acc00fcd7a46df8548302ce5113c7a8e77859a

SHA256
7b3a716eedaa06b9b98c759a443c953bf1315b50af152dae1ffb6023054f7945

SHA512
c625aeed2c4573aab312cb70aeec55e415f3ef403e622ee4d4832e2c40108680cff98be9545f745fd70bb6246c5dfb80a43df4e1506c0f5164fd9645ef3be12f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
7c65ffd21417aaf0d821a28d7cfdafd2

SHA1
20bafbd6bd8a2ceeeafe28a3598bd6dc65a039da

SHA256
42c9ff649ac45ddfb2b1f79691d57214613b1e416d9f9e78ed2cc4a0804aa5df

SHA512
ebf33e9702a63dd816b9d771bea16a5104b3c32295f12fe1088c19426b764638bcfbe6c54af8663947327a170edb06d56bbb9232afbc6f069ab23e08093e8ca4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
d8f83aa00060a128b95ea0e7593d8ff2

SHA1
0fb075b58547c6a27dab1a3fac46be60d1f41690

SHA256
20789e57eddd69b10835134fc3ae5a4a13145c80a774f63d67de27ec987d8516

SHA512
56ec8b51ee766fa0b45c4c01d9e73b1d9983b28a5b6e846a52700e3a853f9b2df246a0302be592fedf853167f6f898fce2c26f868c11ffc78f11409284cf2364

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
ae56a48c09550946770e52b8e0cddd0d

SHA1
1419230124416d27f95c50b2d4788ce8131b3785

SHA256
67ec3d3a9467305b7d0e499440db5924a56ab08747f014200c2c8d2e94794b98

SHA512
7eb52ade4e3f4dc9c9c2c6727894e0ff84dfeb3d3352f198ab25892384844c2b1952293ec235bc74400ad67d36b6ee601a90dec62715833bfab926509ea55315

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
b457444c6f1a42b188d9cdd3729dd07d

SHA1
ba254b7c30d963762c829ab9e60c2af75da0d993

SHA256
2f372b31c2c763975530b78b226271e7735557c1ae8a48473d5e48f42618ddcc

SHA512
1e4da0b1ab0a8a86e34eabc280b43fd7d8952455cb11a986d1700818369a227f5656650eeb2f77dea0d3d53af61463a764784b0c623ef425e07c4de5cd98ad5f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
34ff95ea52935e884079ec8653239a9c

SHA1
b9545c90a1b8d5d71bb7487b91126c5e990f5285

SHA256
4e466ce8fe2e2faf929fb334ef49432291f407be88e3b4b3f8014e8666cee25c

SHA512
a25b4fffb757e0d1a05472f0b6bbc66047dff430e5eb92fe5f1860737d1274fb12dd6315b5068e9007a0afbd13ebaf5ced0e51f51e6c4adbee48d065d949ceef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
d53cac39abb11ee471bdbc7661ffdba2

SHA1
4be9558d47c2043cd89fbb684609fdf4505406b7

SHA256
50320c494503e69e97a6973a64fa37feab32f438dcdda510ded0e64f5ee85643

SHA512
f874d8dc371f6c441803f49d6c263ae2a33b7fa8e2dd0395d831d5d1efef61769983f209f941a84b95c94204b0af7a20d32647a0a7b0ab42ae677d234847f4c0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
ddfc202a68e68f7a349a79c12b440732

SHA1
d83916080a60f7e1d3cabc856aa5d41f99c4fe7a

SHA256
11ba11857a33624d5c44017f2fb9c2bcda61af2a8fe3f1c031ec03e0ef7375fe

SHA512
780f49d7c86cea6eec21a827a1ff11a6c69101de0f7f2dea0e210ab4449273c85f9226dba92f0091b6b2733cb7b0329f1bd117ab1fa70ca55819187de9143757

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
0c50d9710bd60e0e0044e9e880bd24e6

SHA1
0344a897a9c2913ea47a01832490e4921b5501a7

SHA256
8e88f632b4b0b4c50d7609014de739f3b3bd6972082ec39fc58c13d72eb6d0ff

SHA512
c6fb4784d0572ccbe39fe1767760c85d37291859430938957c4f801199c000facc541adc45d32385708ea93d6253dfd66d0893be0ffa293fe641df6c515efb96

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
454301ef3055eb1a671cc04a63a21e3e

SHA1
30ad51d0b1424e308695138980f65494ad861133

SHA256
0c05bb471128aace3334eafe31791699d2badbf8b6c7f1f273fe35d19851baab

SHA512
f6a69f01c1181102fa594d68d7a9e7470009a4ab014598deccde7e650ce7ae64cb7b89b1585b3d6765632bbabfecf85e839fcfba1a9ab94efd67b0d0aa1baa01

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab4CBA.tmp
Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar4D9E.tmp
Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit