cbaa13cf657bcbb649a84a65a559a5530c825e8f5ea9f87cf0fed9b341248b78

Analysis

max time kernel
134s
max time network
134s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 02:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

65aa87b0063414690ae500da296c20c2_JaffaCakes118.html
Size

470KB
MD5

65aa87b0063414690ae500da296c20c2
SHA1

72885d0ea0496ce89a3952ca92ac5c3159d6f963
SHA256

cbaa13cf657bcbb649a84a65a559a5530c825e8f5ea9f87cf0fed9b341248b78
SHA512

126f438943bc66b986c10faaf910a17d4a0fcc6644dade2f96305365e190876fe38ae9814dfecf00fea42a5e2757ec3ca2fe364eb803f2b62f43f881b9260b70
SSDEEP

6144:QSgbY9nQik9yvPPsMYod+X3oI+YUsMYod+X3oI+YW:4bY9n49+PT5d+X3g5d+X3c

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422506231"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B33EDA81-17E1-11EF-84CA-6E6327E9C5D7} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0a90b89eeabda01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ee2ebf07b1add0478035e28ce35ac043000000000200000000001066000000010000200000007f09390ec33114bce9c57614ea14d9ced83b277cac1813d45d73720e566b0b58000000000e8000000002000020000000106f09a38c64e40aa36de97a350a0a125bb23f73dc01e6196bac20bf6aa721e090000000bf89e60365e47f6519fe485e11115580a3f0899b91de3118d4e153402d04c3414611072c8052c3227a44aa35ac5fbdcb61e93d3c09966fc0ebbfbebe60517915ad6fd37d945cc0ab1cc862d13e26cd69c5582cb16eb0aa286bbc10644c47986769caa0f73bce45c8871fc5af90a3261d78de7f8f63625f38175728331df2b89d1a0ff6dfed085bfc8c8e8e65c6623b1e4000000012934d607e9547ed9038759cb9e7603e3d62660dae7c069de13275ea85e747f00f38106a5dfa8f376f39eb831f0d3d0a0337a5bbc0b1c8a7bda6953c27fbb5b9	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ee2ebf07b1add0478035e28ce35ac0430000000002000000000010660000000100002000000096edd3dbda236c7f94bbd3a050446a2eb55a130079e5a9d84fd6f61ea8a04b07000000000e800000000200002000000009265f7b75cbf30bfda9acb36407b515f4a954faa27ad73ae0c56842ad54109a20000000daa5c8f8b39a6d289a05583e3fb9bc1c0a9f2f8d1e2b8c5a9151b6e88bc280ad40000000f984e8372c0ea2d60e293d9b8e01a558c25a1d8e39091c0db7d23cccd20673c80677b6186548fd187802de167cd5e3b64b5748bda6fc96f888fbfc4a85cfe511	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

640 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

640 iexplore.exe
640 iexplore.exe
2448 IEXPLORE.EXE
2448 IEXPLORE.EXE
2448 IEXPLORE.EXE
2448 IEXPLORE.EXE

pid	process
640	iexplore.exe

pid	process
640	iexplore.exe
640	iexplore.exe
2448	IEXPLORE.EXE
2448	IEXPLORE.EXE
2448	IEXPLORE.EXE
2448	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 640 wrote to memory of 2448	640	iexplore.exe	IEXPLORE.EXE
PID 640 wrote to memory of 2448	640	iexplore.exe	IEXPLORE.EXE
PID 640 wrote to memory of 2448	640	iexplore.exe	IEXPLORE.EXE
PID 640 wrote to memory of 2448	640	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\65aa87b0063414690ae500da296c20c2_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:640

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:640 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2448

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
3c264633b8985b636fed7a25c1234acf

SHA1
8324598ee6c8b8dee03d70a8619c202017c99219

SHA256
6cea513d75e4c4f3504a3e012a875523093ab74cbc850816e8410b2f41c6a049

SHA512
1bda11e699b8e5933864fa71de34f51b31a01a97a6b2e223831645e86c52560d3090ab3fd461fdff36f2aef3d1618d27fb8eed6c008ba1276331d0ded98359e1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
267f46af0dff63c9e29321f1c1b67146

SHA1
579b6fe9ca261db002dfb396140c2c3eabcf4652

SHA256
7a3978eaee9abb0da00f2507845342039ff3580f49e8294a7ef780db8154f562

SHA512
3bb8a527185427a8099e2d09942cdfc0024533b7ec2f10c015757b7297e451e3627480502d062d2cbf3fb085d840f8100a05651396925edecc424ca50ad7a98a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
f9e209980d40430d9d14389bf30a168b

SHA1
98509fafeff606bb442354905420505508cf12f4

SHA256
8ed565595f44addcf8ea57791db58dd75838b9efc88a4ecc4bdc1ae5656e86b3

SHA512
644fa07270cebf73e932a516f1623a373446498703b95339e1af3861a935a823b7ae933c40dd229db54df6ddd46be11c1670342ba06335b2a04a7c5942618c77

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
e784248abc30f9a8ef6d61adbdc75b21

SHA1
8fdba2f7e4bfd04b52c51071f48a9be742fa81d7

SHA256
bf970b8c98b55309464b519adb4794ca53da3910c4cc40780c7b3f6601d0b749

SHA512
e38614f0b843bd1ecb86605f85efd624966d4e449acd359374b42c53b44e52eb7c060ea18d84076c725aef89e92b165c04805d54676c9fa5abe932392b4bc0c7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
d2dc30e8deaa7247965c159e41cd69d2

SHA1
286bebe9d35fbd253ab507941e149053b16d59aa

SHA256
0f6c5bd088d5a1c31a42dfd572e4388414f223916488c616246dfd71aaf1d735

SHA512
63f24e3099417c7399748a13c171671d39b33b75acf4c12e12c4d869254f1dab5818e6f47a48a2fe007b1243fc767cb30a9b66c95f429448979a940075976a21

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
d784e14ab0556a9114384e60b8fd1a14

SHA1
095ae66c5eef10e821022bfa31fcd5507c6ad627

SHA256
ccea8f15bcc95a88f602fdad00eed1e57236d90d2a4e3903d3acee97dafef1f3

SHA512
5e12b6af1c4aaabb34d5319b1f6c52b51cd76161e4380187ce96eb05a94310f488f20f16daccfb59af04b106ef24ac8ae8284e7c1d691be2244c4542c5fb1771

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
712f2ae187508b992e9b5e1c61cda237

SHA1
042da07bdc4189e8c367478e2ae1fa98a665cf27

SHA256
348d1bd161d473e3d1d4348fe392b0aa98668150ef0e998e88aafd39ae679fc8

SHA512
1125bfaee4f7f44f82c048168282c4724a4362ac9a370659d18e2f62b25ed8d83007d20dc21071d97514300cfe8a1409519f87e38fbfe50912cc81f686c760d4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
4b9b560aca3dc30e3380d756f4dbc1b7

SHA1
027fab9549d44d0d0d6d85967a50ed36222688f5

SHA256
a1fd9503a657f41483aff32770148ef8ce24cb05d8ba793b52109f59d07cd25b

SHA512
14443a2b96f8b40c78998563957dd8a0667dbe309be88b6e08f1786a3039a008ffbe6dfe19324932161e0fee343e9d3b148278a689c154962966d8edb891dcde

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
a37c003e3b819911967ebfea716436cf

SHA1
2559b2da837a5ac6733ea081258fd8c77f30aae9

SHA256
811a96febb12891e9a7549b8c562b6c7b5cd4a541fe923cb045d098aaefb3c2a

SHA512
d74c1cc39e2ab22216b0a305abf0b6776fd51b15a04e011bc5a8ffbdf1b4249aa0094f2cb6dfe3f06c8debdb3478c6367f741fa0be1b33c8412f7541afc018b7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
e180cf8b4638573be4429e702c7d38a4

SHA1
42f39872975e6c053771c2a0da52f09fba5f3bf8

SHA256
87a10646939fa2603464117cc3328ff2a1550d8a91c0b10c7d6a0c35e362335c

SHA512
74805f43b7cdf59bdf860e90e46910f573cb492db7a5e040714b2e23db786be3ea89a23a458286704cca9484cf30bf5b67a996816cf217e002e608f969e03fac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
32976417c1816bf0f599c5a2e178cee7

SHA1
18fc8705a1a9b56468c835330bf364cd95612356

SHA256
fe5be25977aa8d54b25f225872d15ced002be859350eea0504a48c9a22503cdf

SHA512
fa825eab36687c93f466933966173b57c839cb52de55175fb14312e8476578db935dd68271d0b75a2288f7e9007c50fa6681fb5886dc499efaa312c32f8c832b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
848e16218a6f1fddf4c7562ec93c88b8

SHA1
1694bc554ef7e7dacbc1b43a2bf8540a96ad589a

SHA256
e9ae6d0147ef8afc67944af0f337712b7fc694ad9f01cf54752f58432f317d18

SHA512
33bd9804f78706b4590928e53bdf031815e3d6fd7d2f5cd56128b830f0780f53579050db56bf80ff9ca01ef8f6bc23b0e0d81757919bce831b467b231d0e37a4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
2db5614068b93086afd1297adcea4ec9

SHA1
b5e7dce12867c0fe8a66694ba44196092dcd8145

SHA256
373ef5c4a3959431ee1435b8aa08f4b870430f5e0c402c4650f8ae897be1a40c

SHA512
e75efc127b4fde0b3ab7730333a1e9e62da9138ab5711aa37f9eddb52340e7f462a7f20a498c1c5134652b0c13e30de60ea9770de3139441bf6aab46e1a876ac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
ebddd601664d992c00302a32b1c4940c

SHA1
591f9d950a890e46d1bac221aee1437e313898a5

SHA256
e21475d7582da0b4a3222cf6b6715f4a58c3397ae7b9b8344b165785712d1373

SHA512
dd7a42474f8f8747fed785f73d69c218e1f9cb186001fee96837095cb67f5c963f3b4bbfe2340f7c743772cdc81879a36dd120468837399d0c4169516ce0138e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
b5246d09f0a417af402cbb8a9420de4e

SHA1
60af3b571c2d349cc0d8543e8714deff80649c38

SHA256
95600013321f7e112948fe9f49850130624554c8be22e1a6a9401b6117b806ac

SHA512
543a98cc7f9584b4de61a7d4dcec8faff82f6b7dbe9c3156c2e7cb5a5c9c9af3d85d1db07eb92847a18313b8d80959662260a3effdaf35c925c492ab7eace972

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
6607c51ee00a5451241faafac4e4407f

SHA1
e17106afaf981a7c51e152d5c16e8c5b55fd6001

SHA256
45ea5a52cfc409edd193fae7dfba4a391a463ea9426970a1cc5a98ac651270cd

SHA512
b50709ec4ad6adad297217e91107ed9f5e7a5b5ed910a54a540a6bcebf9eb0491d3bee08c596a2a5557d6645b2150e0badc6274e34da8e7125721c37da6096db

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabB3A7.tmp
Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabB485.tmp
Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarB4B9.tmp
Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit