8ce17e7d0312549ce1f5684fb5454532b6aecfc8c6a644a216c2a6b7908d8351

Analysis

max time kernel
149s
max time network
150s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 01:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

65989d622bc1045219b9582fcb8e72e1_JaffaCakes118.html
Size

139KB
MD5

65989d622bc1045219b9582fcb8e72e1
SHA1

3e2095247a249838d4aec5e6879ba018ade9a1c5
SHA256

8ce17e7d0312549ce1f5684fb5454532b6aecfc8c6a644a216c2a6b7908d8351
SHA512

2307f3e7374a7b2091107d3f6d4e6b34a8e229d1f1650d1b1dfa8281e11df10245cfdd5e5b0df22899d2077f0c1462f9c0d4cd0d710e73207cdd9c7301ad9604
SSDEEP

3072:NmvvAj1ddwmqPn4G+7rs55nItaCpRLW/clulhfOVYKcCP:NMAjbd1qPnU9

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422504697"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{220DB931-17DE-11EF-8DB2-F2F7F00EEB0D} = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

2424 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2424 iexplore.exe
2424 iexplore.exe
1400 IEXPLORE.EXE
1400 IEXPLORE.EXE
1400 IEXPLORE.EXE
1400 IEXPLORE.EXE

pid	process
2424	iexplore.exe

pid	process
2424	iexplore.exe
2424	iexplore.exe
1400	IEXPLORE.EXE
1400	IEXPLORE.EXE
1400	IEXPLORE.EXE
1400	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 2424 wrote to memory of 1400	2424	iexplore.exe	IEXPLORE.EXE
PID 2424 wrote to memory of 1400	2424	iexplore.exe	IEXPLORE.EXE
PID 2424 wrote to memory of 1400	2424	iexplore.exe	IEXPLORE.EXE
PID 2424 wrote to memory of 1400	2424	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\65989d622bc1045219b9582fcb8e72e1_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2424

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2424 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1400

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
cb35bd9d6c5a4fd50a9263018bbd9784

SHA1
efec24f93d2af7bd01969c36870ebc928fa6c790

SHA256
be648ee93df285417e494e28c01e3ab8f3d043845f4d3b397dfd137d187ed612

SHA512
ac26182fb167458da4b465b118720470859e8028db8d3d71ddbe0c5be0e46b9178c5f7ccb8b1252c38754e27da1af546f8d2f6e32e1bfcbeac0d510aa831bf11

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a9d50d98dce4da55ba7786c4f7b03176

SHA1
709b126f98ad055e93728503c489639c305f4b01

SHA256
91c672c8bbbfc1941d7c66b79d43c25c2ab3666e12beebb37b0fd1933314cc4a

SHA512
f5b8497d30c516d4544e818be2fca535441882aebe7b9c93f65d4a5f4a80fa7ae8b26777e35cfa4d02634f1eccd8dff923e996aa2eb0740d7afdecfd7493cb74

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8548217d4d2a439225ae78be2d2911f9

SHA1
f3a35df06ec459107c518be5c9298afd48a652ce

SHA256
33d7e51b1e0d57ea9b9ed286037166d52838811f5875c6692e3cc5ba57e3cf34

SHA512
d65651de9f1ab03cd261650b0c10f0e6e695ce1875f8fbc16d0432e3a8e04a840f83b87dcc5e572f4197b63272681b6e25547ee0beee5c685429e462629051fd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5821e8e59375cb0649b4ac2bdab10f30

SHA1
245e704de1c672af2a3ddbf1937e8ea8d65d4cd5

SHA256
b9645ad7d060d68451af9f1a558b28f933e0c7a697bf2f5a492cfb04c41c0412

SHA512
f3a60934ee560f46a83446478263aa2b5e3412a708165a39da77ad91b82ca1653dc9176ca296c93a142ef11c0752e8d842f847fff7964ba51384fbb7013c2b5e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b50e403d2c76a96103c6147921e71d7a

SHA1
dd8b9d0c02dbb8b35be2dc2a719ca1de00089d6d

SHA256
5be93bdc7eb82221c87f820c8855c6a88398cc5500c89c94176dc16c145563d6

SHA512
ee5bdc9e80747683a149864799cb5dd3e2ef34a0d4b57c97824a7044d5a6012abe983c9f074195262d618b590d4b9ea855c7e5f4b12b15cd97058e8b978d4bea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ced3483cfbe9b2880d8b397ea390e7bc

SHA1
6f130f887cfee3d49fd0e811fd9a13d79040d51a

SHA256
92c888e5fab090a17f0db38f324ceeb6a4a884309a0f79409d0d287895617f96

SHA512
e3214949a8972787e3dd3b1ccffc3df55d2d15303e4b8cff41f6cf323f26fd911df77235820bd62dfd424614d901711a2b0bc2dac80511ea31fbbc5fdb7819ef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
25dba22eb1382136d01ce5d6621728f4

SHA1
1a65826721e5c46e68725efb0e63f94b44327dfc

SHA256
21a7ba2a933cfbabb9eebea07d3c099a4bb0d8f09d2e6c7614f9bf5218013909

SHA512
db09284817a6b066a8750c5b3194a5dbba0f83005e21365b96aedeacb4213ccedb5f954e89e8f159efe4668f29c2ad85a62e90337715e4c6b099f5f40af73c33

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
39fbb7214df5c302a4b56ea3937cc52c

SHA1
d44019aa770a7f799a6664e67988389af2dc4b81

SHA256
0eecd36e336f03cb1729441b4064fcda66f86822e6f10065781771bb7ea38cb0

SHA512
1702a4512405e8ebe0bd5b47723575223fb49eaba61714015cf904ee92e5215e0dfb67c9d6bf0eb873120137ef152c0e4eb7a38598fd8c6ae153ff61fbfa38a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
43fb1ada0579a214a0992900ec211e5f

SHA1
73a3eaa7c8b179883fd4624ebde2ffaf8baec389

SHA256
69bce40e1d17071410b90730f9f14ceccc9ccb88d363dd33f3fee34ca141d2f4

SHA512
186d8b3c3e231325f509d513fd57342fa068793b8d1959652d3518f18349522077ac95812463f564a6e8658fb781470fa39b8b5e44d896886a7f6694196ec9e1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e5bbff9ae55eece7ed5ca362b0d4ba9e

SHA1
b6abc1429d85d68da0c0d165a570d9817fcbde47

SHA256
4e405c9b08d6ab3f48e621b2054f992c84df43576147acf41a618d18b55e7fb8

SHA512
a455dfe3685ffbab7039f2228ff86ef3fffe038c8a86e1f13cbc49383dfd9799f8d951fae6f36e7793154e4291d826daf8530b86454a90ae56ce58badc5c8350

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\52G8PVLC\css[1].css

Filesize
2KB

MD5
f7cc7386d154556f6c22cfceff0a808e

SHA1
4cb4fc6d9185dcb0e5992da81ac32f49d2147558

SHA256
149e6c8d701ad64cba2ade35fd2533d7fd2c243d152800aa79fd0eed9dc65343

SHA512
ce7420104a28ea8613b0eda27ff5a01ff40e72d88f7b3de4451598677e6f7e015a1f05ed8452bda0e19ae8dde64b11aad950565b56636398f05832fb62bb6350

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IO0LJX84\font-awesome.min[1].css

Filesize
30KB

MD5
269550530cc127b6aa5a35925a7de6ce

SHA1
512c7d79033e3028a9be61b540cf1a6870c896f8

SHA256
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

SHA512
49f4e24e55fa924faa8ad7debe5ffb2e26d439e25696df6b6f20e7f766b50ea58ec3dbd61b6305a1acacd2c80e6e659accee4140f885b9c9e71008e9001fbf4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SVBQZB4R\wcslog[1].js

Filesize
27KB

MD5
a96a3b75d4805a36138cf2d44de88ff8

SHA1
60b7451f964d9d7f4d27d0581dd7a54bc7d3aef8

SHA256
df1a9b5c58e54a5ae635cd9316ac158183da9a29c53492436d1ff11d574a3e6a

SHA512
74c4e438eb34a921556ab8e2260666caa5db76e20e7fbc22a02b955d4c872710544c687bc6e808d15885ed424453cfd4ed549fdcba692add076b75af042c6afe

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab202F.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2030.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit