d3999ddd38f044c9a2f22d17438d97c0542847b7c0213b892f289eadb814d1a1

Analysis

max time kernel
150s
max time network
150s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 02:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

65a611fcd5a9fc5a412aa26f5516fc82_JaffaCakes118.html
Size

80KB
MD5

65a611fcd5a9fc5a412aa26f5516fc82
SHA1

65fd5be6bea4ebd55abacb4ebe1b8d269ae73677
SHA256

d3999ddd38f044c9a2f22d17438d97c0542847b7c0213b892f289eadb814d1a1
SHA512

4d145915cfb1330b13032aae6164f9ad0eac3f2922e09d7577e64e64907ef99fc5832acb27b3593afdfa2cc663c27c73ec71e7ccadc0b0d082c68c310fe8058a
SSDEEP

1536:SQclqPewzNb3enfH2cXTrN6MNb3N3FNkeGeejyeBj+CeAvISeOePexYqH7hPagNI:SllqPewzNzenfH2wTrLLBQOqwLWtPJE1

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

Processes:

IEXPLORE.EXEiexplore.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{BD00AD11-17E0-11EF-AD30-660F20EB2E2E} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422505816"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

2088 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2088 iexplore.exe
2088 iexplore.exe
2080 IEXPLORE.EXE
2080 IEXPLORE.EXE
2080 IEXPLORE.EXE
2080 IEXPLORE.EXE

pid	process
2088	iexplore.exe

pid	process
2088	iexplore.exe
2088	iexplore.exe
2080	IEXPLORE.EXE
2080	IEXPLORE.EXE
2080	IEXPLORE.EXE
2080	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 2088 wrote to memory of 2080	2088	iexplore.exe	IEXPLORE.EXE
PID 2088 wrote to memory of 2080	2088	iexplore.exe	IEXPLORE.EXE
PID 2088 wrote to memory of 2080	2088	iexplore.exe	IEXPLORE.EXE
PID 2088 wrote to memory of 2080	2088	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\65a611fcd5a9fc5a412aa26f5516fc82_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2088

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2088 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2080

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
Filesize
252B

MD5
a7685d6141b6974c27f4696653e15b52

SHA1
11a484ed64e52d692299f23ae616059b2eb9c91d

SHA256
9b96fa6800ce5aeaeeb77692bb15a9059b6bdb256d7ad8727c6c4392c3474786

SHA512
c34fbfe362cc391201d87e05d6432a71fc701baad651a4b0925cdecff30efb3abe6aef456c973aa047902ee1663e13a57ff7c663e91a7c7cb7271114e4e1c0de

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
024222422ce574cb7631808f553092af

SHA1
b1b5b5b3e98cef62da24d76853772fd3531c1329

SHA256
1794626737526f042037fea7337a8375e390c7245f4f7929693f71430ecc56f6

SHA512
912752d1d9a3908849cf18ff00b9967f95f15a21ab3ace1a04ed62fd88347ea51990e10bc5880fb0b2f3e1a9eef0201468e4576bfe539d67ad6d091658a6636e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
f2a3ffcc1a6643ebd9a5c64382961588

SHA1
0962dfebf42aa2621c745ec41dd0012f44233d05

SHA256
a33dfcdd808387714bfcf30d6cdd982956cc151e4950d49cf62bb0f7c198d1fc

SHA512
b5bb1ed3414f83850e7f50a80ec31922bc27a50ef041f24931bf764d2ac53164e7d7c12bf4280c441deea979806202c3d91dc19f4ca1e941c7299373904b0cba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
180e419d36b516bbf6f48ffded02c58e

SHA1
2727335ac38da67a9caf14828f5f76f10808feb1

SHA256
42655338b2788582d6eb0b8ffcaeaa8bb209bddf73adf216d9ceef7dcb947615

SHA512
b83ba0f3e5efa1cf31d7ef2713ba7ad5966b4813b6b74e74d8dbd1675b83b24befa8e559bf9e5bb7855755835136b78f1be9592fceb830df2d89db2c4c08721d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
4238efb3288bc796ba6f63862d0ba0c3

SHA1
664d90a615701670af2cc73889994b01e7db0eed

SHA256
f3cb52dd9380bfed07557df690ea4e0ae183f07aa5740d18e487217bf64e7509

SHA512
99dcec3646ff552d45817b1b468a55e587737d43e01b0ff635922aaa0f3255b03225a0965f42a64f1b15fbd354cb1c43ab41bc215c82662eeddbccc1a480db75

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
faf7fb6af7362835665085c6af4ca37d

SHA1
48f020671ac4c45cfaa55ba2a737b44ea02b1a65

SHA256
9b9a7f6e32612de496a39f416c1fa0e3c2a920326b9c76215679878b01e6a092

SHA512
4fcd3eb089bc10028976a2b781550c8b8dc879981468751643c635eb6c030058e26c0babc619d24c30a37bbc3bc426c8e1a2cbf1f3561045af55bf0b4bb49956

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
f50b1c89ef1120d02bc004d371f8de9d

SHA1
44431a306ca6d0366b2c394b2587215fa25149c3

SHA256
08a3a74cd3c3e66cc59f4125ea8fd92815ed37fa951d496acf052719b2e0dd33

SHA512
744a8eaf4dd764944e8fad7c802d899cb39b7050958fc64a0df08b7bfc4182371727fe91327ab7c889e5b8b3cbf764aa86669390a2368ad2373a6a2098bc6056

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
1e52b2bf597c5e2540eaf89e8ecb062a

SHA1
0314a0c1b3c728b2b5c9fac245a97122935deefb

SHA256
f7699a12ea57f7ec12ee7fb7395dfaa815723bde51a09d53b36e014b43461765

SHA512
af338de4c1b7ef79142b1dc8110fe0ea4b8907126f1ba410159025cd825728c243e04f0027cbbd684a82f8ec49bf48aa29f3be4e51c14791e08966af2d73d4b2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
25082e7676a189eace9b1afc30bfcf45

SHA1
af31d1f45b22e4e80fb9fbc4e47cedf0ce151eb0

SHA256
1b0c449085d0cda6a47bdb218efe06ee1848ac69614c82fdd59d5bc200bb37ef

SHA512
185c73ff9b33ab96733f0f3b97fabe879cb3f3904df48b244aa821ba548bdc2e36588e2b51b506ce4fd1b0efac0b98668d9c2e41a86934a7f53ab9a4d73531b0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
e1baf7138edd5b8bf79a886449064346

SHA1
31dec8cd8a8137427fafd04f717fed2fb808ed96

SHA256
c1f5fb493d5e1ccb267ddde6ed13bea98c9ed0922c0e6a32d199796a253bded0

SHA512
1113bad57b94616de76ea98866a1b6b33ad1ccc93c644dd388d11fb3900441ac4da529491a7adfce974b0013671c5b209915864718c1a676d07b2be1833b7c9a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
2edefaeb9c2b5cf2b31199339a535f38

SHA1
48aa6894c1c0e4f86fa735730e37a300c84a6339

SHA256
96616379497d8be4454d2c5de80438be068a0801e3f33689f449ea6aaebc333d

SHA512
56e98c47b24277d2417fef7abb971ec90cc78057b0a1bb053e0715a969438057a5d2b3c34f6f222f89d68c66262a47020d17794eb4b298ad79c58e73a5d43697

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
f5868a89c2008d09dac3c352046532e3

SHA1
42c9f17eb87eff6569e9267f4a7dbb5e2a28c5fa

SHA256
e120c5e33c9142d58d9fac4fda4bdc4b6221e38f7dd65751c0d19bfb37a13463

SHA512
845a6ed2e4bde077f9defb5da7ec09f6cb9dadb1fbc58c3ce3ddc2183818d13460519c48b5f9c0ca4d7b45168cfbd7cd54f7e400216800ebd3016616ac446adb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
2ff4cf3a31efd179d0c094389c047ed0

SHA1
261ed280a51ddad53a4ffa6ab9de767e6a01e589

SHA256
d92ed7761c03ef2638d32c8be762d6c985cad7c83eb4d691462359da5c479360

SHA512
e7def7b8c1bfcca9973eb31b54bec887b6039368c0b90fa2973c6fe6edc2b2dfcb907b246c90cd4b580bb0269a8308800cb263aa40de65a47e824c04e245b3ee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
00531dfb03f04fd7d1221049ad171569

SHA1
8e4e1b986e1c74fc610a0616a3d5466cf4b34ea5

SHA256
e8c1bcc1f6de86e99b66fcd7d3b6d9b3efde0dc226af60100441763fb47f238c

SHA512
ae0b615e4533bfb118bb62213ff6202f2757a5f5f9279f248c210b4ca302397a1979ffd02c63b12f4a2be1cbfb94ada9891d06c3c343e7338f0509e8d8d79e4e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25
Filesize
482B

MD5
a8c35adc2c9b9ad031aebcb2ad4a038c

SHA1
8222d6c6be16959d657c14d4db2a8b97b4b585f6

SHA256
ba923ead81b7c071438fdfcd0b3b923d3e90eb279369e88c9feb63469664cbed

SHA512
e37df4d2508acc820f32d82b45b213ac6c0eb5c5c1d58afaeb7ed983ebf82070563314d22bac9adf7be0c44ab858ea524f3fbbee5cba103cf27f42f7314bdc57

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
Filesize
242B

MD5
0b513406529fbca6c7c9c85f3cddb7be

SHA1
9a1e4068d7d604d7c1765f176f429baf7b486982

SHA256
d94732d608efe13e17b50d151be3527c70ace64e5426c12bb1d06a1c67b194cc

SHA512
71d7c68ece49e69404f29d5e82ae6f266343000d9a5df4105b9084fdeff803b32e85afe240894d9c6dca39f0e1ccd0fbc8bb3056c6de7b9eced6ac7577a96495

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1881.tmp
Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1964.tmp
Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1886.tmp
Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1967.tmp
Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit