49f00868f0db527997110f0e4d519f3771be95f687f04243fc0a4aeed01e5856

Analysis

max time kernel
132s
max time network
127s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 01:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

659777e7adb4a6b1a938868e6d8788de_JaffaCakes118.html
Size

226KB
MD5

659777e7adb4a6b1a938868e6d8788de
SHA1

9d3edf98a75341fafd8682a54022eebcfb5d383a
SHA256

49f00868f0db527997110f0e4d519f3771be95f687f04243fc0a4aeed01e5856
SHA512

1aa3de433d1c58cf0402342051c3a5f8626a22ff82b017d28d995cc3a81b23841080413884605b4baca377cad4f38f3456f3d31c05d5c07033eb67a4af09eae9
SSDEEP

3072:S17LyfkMY+BES09JXAnyrZalI+YuyfkMY+BES09JXAnyrZalI+YQ:S17usMYod+X3oI+YLsMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 41 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422504640"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0ccb1d4eaabda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a2300000000020000000000106600000001000020000000b14895dcdc8e25c6bf20d14831a8c8e3b0c252ae15631be7fb701a2e45aa0e7a000000000e8000000002000020000000fecad633a53a4241ab0375f62943f57a6854f950160cc09341ea1f7e533726c22000000005ee61b6bea66148f6bd114bf8c69b7836bfd1b0b32ca269a960c479c251b6a8400000005b5f9a3bf47843f8f62baa4af3746597df0a566a9dbc4fd691cb0113493f180143d8649764ac5c008435b2b0a9a0ddc6f3ecdf3ba82f25f5c7dcbbde38111ac1	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{001DEB11-17DE-11EF-B27B-DA219DA76A91} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a230000000002000000000010660000000100002000000028c7e08fe42999d7b317a721bc63cd29e38c3499de01667c7b29db31e5823a39000000000e800000000200002000000094b19ec99b9f2349139c80793b2d6ebff23c329b9f9106be1999cf70f39c4c0890000000fad3dd35c4e97786e433867f581a7748d316316368f852ce88604cd3f79dd17ea1e9673582f6e05b3fcf5e55e7b9b7eb028213ba44d265a9c1d6499af01970138b307c2d54daf596c562a4543a712482a2905e88e00eeccb90fdfd0cfd04202ba4d00ffbbed150f26714259b4a4caae3dbab4ecb12a36aeccadd4dbc71ad5b840d198059c459561d611a06f8d124d8ad40000000e3d3d5e868ddad72287fda30cba6911d2236629bebdf202879747b97c0dd343c0e61134ba1ff306259f480a3243ad9a0a87efcf54689d9e2a114c045b63f2832	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

2072 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2072 iexplore.exe
2072 iexplore.exe
2644 IEXPLORE.EXE
2644 IEXPLORE.EXE
2644 IEXPLORE.EXE
2644 IEXPLORE.EXE

pid	process
2072	iexplore.exe

pid	process
2072	iexplore.exe
2072	iexplore.exe
2644	IEXPLORE.EXE
2644	IEXPLORE.EXE
2644	IEXPLORE.EXE
2644	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 2072 wrote to memory of 2644	2072	iexplore.exe	IEXPLORE.EXE
PID 2072 wrote to memory of 2644	2072	iexplore.exe	IEXPLORE.EXE
PID 2072 wrote to memory of 2644	2072	iexplore.exe	IEXPLORE.EXE
PID 2072 wrote to memory of 2644	2072	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\659777e7adb4a6b1a938868e6d8788de_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2072

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2072 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2644

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b5a461655afebcdb0313efcb6790feab

SHA1
d9448e28a9b7683ace1bcac42dad03150ceffc81

SHA256
e5c36befaef1e93916b500432ace18946cf803e2877846ad73381b147c3f2bce

SHA512
445bf44a3943f162f86021ea4a8c0f9d1b125edf5b2240b64671f57fbd60dde9f973045fafa4556998b05c7718127688b48033960527a6cf425415b79f22e1e8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b621c0500d5587e6e63b6a8bf705b212

SHA1
fef4a874a8deee847758d6103667ea324c5b3129

SHA256
76fe76bf9ac5e7c614870a2230942cb2356c766d9db5821305fd579b055d5cbe

SHA512
12b67d9a11f0f98ebd5c7d5680af158133f0a8f501b93fe7219228e04eabb2cc941a781f701c9af25d9163b924f62c6e906287415e97ac2d042663278ff977a9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0e4135b0b484ade179b13fa891bb5c8a

SHA1
2d8be1576bea47df9696566778438dbd65b6876c

SHA256
27f3aded8c2e2635b630dcc70f9216f3881d3e068af445e2a3e6b178387492bc

SHA512
26758a254ef82cf455e6fa36f71d7c67ce39fce2224b6aabb230fb4fbff38f3821ae68e9113d591cc1fd6a91fea6b01c07fc2e6ac138f24178da62ac820a3561

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
84f3dde28c1967d30cd5028b9d11e2ba

SHA1
700c61e420d9324ab090fec00a268fbb488b077b

SHA256
8e488b568e9410fd41c0361715ada457a53a5dd511c9a12a71d5ee1f48a73fc8

SHA512
2fc81908b8b2c818e8bd3a8cdb7c50c0442caafc313722cbc92a3e740b8704333747b4368e32f81714e570ecec6caf73f774dc0f745e4888ef0d481c84700243

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1fe0effbfc7152333052c919e62a4473

SHA1
003d007091e0cdeee6f4604b847a596fe78c7bba

SHA256
0a3b7305f0a9254844185a2fe2b56b76db199a03164bbe9a9a4a3b9fab5edd89

SHA512
6504c4d48572f1bda41a2da9abf456e06f73f693a570b3d997aee8a1ac95900de03065bdf58de12bdc8f293313be9a426f886ecab6d11deeb38d7416c15a4b07

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f44765695fe95e684b52ad0c399de1bd

SHA1
581f4f3a492599eb48582a85311dbb478f1dac91

SHA256
d507230d4dd839adc05bd6ff46f15c4d3702997681240aac9f4327032890acac

SHA512
af355d1ff09d8e4d641517f21a1ebde9fbaf0f2906ce60171225b53a48d21abf94558ed7683987fc3c844bd25446780b5678b28113ea5f0e09faa5ac18afcc0b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a88ba8a0a081bc96aa8b50d1df1aae0b

SHA1
01af7831a4b44edeefae1326173c395f85134e82

SHA256
e9424fcfaf636c1a1cf448e0cf05cfb359c8bc3ffc95e449bca724607f13afa8

SHA512
ba567734ed9ff7aff1459da9570d0fc5ba46eca82d71d8de92b8a92e26f4006b29782e8ccbac94595940194d49bab6ff33e7f1ab5ba37b2c67dd965f38c670c3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
adcbc72f417e69df2a8b02540c96cb81

SHA1
34656a8bd7e3d2ee6238dd96ba31ce40a592e86d

SHA256
14ca2061bfbc1cfd49da62c6bfa827a113f2f2ba024ef64e6e9ce031ffecd9a0

SHA512
fdf9d5b03e301e0816fd431fbd7fc4b0077eb693df3bf88c4981a54fc117a5f332d2efcaf8e18a4685e2333727118978a5dacd4c514e4fd35079888fd5f9298e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
84c538c8a3fe707e0f1ae3a3d8546ab9

SHA1
e9cab5fc48cf71119233bb2437f668dfcfd18e99

SHA256
1724317e57acadf6a794ea8cce88137184d051976276f7f619b4afd4d933a022

SHA512
239be9a2efe65d4323ec50ef7f28dfd7302c1956b5a8b0c6a22667db2fd7f77144e8c191738cdf202936414a37a14f80d8ca6ee283e573a54732848c3a4fde07

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
92c6889ce4026af5f7bfd60ce25fb152

SHA1
d467caa283b7c43a345d21f400c3a0b1e12670a6

SHA256
36086a47883828e5ae4b08ba05d3e9a95ee65d540c9fe8b0c885ca4a4cc5ddbf

SHA512
2b37e5434348c1c14bda0d74c22dee528c19bd2cd0c49757b6f080de6330eae610f6f9f4554988bb41d791740df094f13c1a51797d383157b0b6855264904ba1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab3D6F.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3DF0.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit