7fb33d5bef07f18e83309c70a78ffac729e53002f616b8e87c9fb28917fb30ff

Analysis

max time kernel
149s
max time network
150s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 02:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

65ac3d9ce4cb37c37e88e2abcb16e7ba_JaffaCakes118.html
Size

95KB
MD5

65ac3d9ce4cb37c37e88e2abcb16e7ba
SHA1

00c39c13ba4fcd09a60e39ca3f146eae0e10e565
SHA256

7fb33d5bef07f18e83309c70a78ffac729e53002f616b8e87c9fb28917fb30ff
SHA512

7609179456e1404baa31e327f73a080dcd40bd62fcf92a10faa760c08596a0b352c01d9d45b87b91af39c9b8dc1b0e837f22ab0fa28bb0ef74fd1411cacf9133
SSDEEP

1536:k1bxJwtgf6hr76OBKxYuMGSCJsgHZVqGSCJ4yHNQwJxOiXoklflem/VgIsaaFyR2:wbxJwtN93iigHZwiBQwJxOWoklfle6VI

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422506417"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{233F7DD1-17E2-11EF-8221-D669B05BD432} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

3048 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

3048 iexplore.exe
3048 iexplore.exe
2884 IEXPLORE.EXE
2884 IEXPLORE.EXE
2884 IEXPLORE.EXE
2884 IEXPLORE.EXE

pid	process
3048	iexplore.exe

pid	process
3048	iexplore.exe
3048	iexplore.exe
2884	IEXPLORE.EXE
2884	IEXPLORE.EXE
2884	IEXPLORE.EXE
2884	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 3048 wrote to memory of 2884	3048	iexplore.exe	IEXPLORE.EXE
PID 3048 wrote to memory of 2884	3048	iexplore.exe	IEXPLORE.EXE
PID 3048 wrote to memory of 2884	3048	iexplore.exe	IEXPLORE.EXE
PID 3048 wrote to memory of 2884	3048	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\65ac3d9ce4cb37c37e88e2abcb16e7ba_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3048

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3048 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2884

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
a4f606ad07da0aacb98aa64556ba542b

SHA1
299b60001024becb114ef55645de01d762e499c0

SHA256
37b45557b47f9bd42fc12f049867f7bef850d776e9a9189ecda93e60d2910c4c

SHA512
2f2b615d97a0d7c6854700965f4f004e5331ed85ae7b39b93e7125bdbd3e766420721d84b975a6bea077f38ec9562041c615624789754c1d453573ef89ae7d7d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0420c9929e2a3bbe2fa0b9b6d8b718a7

SHA1
a8aa5acc43a6e0264088df1c6d930ab576819728

SHA256
8ba47f420d1cc0791eea5e08b3779eef7e47b3b8d144c94d57fc386cb5a4f5f7

SHA512
9d56b53956bf403cb5bf3fded00f4d7e9f6e380cffcd8d407e6639482f8b6182d00c952db65039b9be730913c5216b22ef093a86cfe72852386a7af24d9dc1b5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9bd12fd2e734097d439f2ea71f4edc9b

SHA1
e671207eba90627c36ba79c0926aaa269109942b

SHA256
7333d1683d0e08d210a43abb32c8eddb2a0384b3c542e65efb481483c9da5b86

SHA512
8ac12a8971e538dfb752e3aaf03e1982b6d629ed128b2b163afd104402014073db0958e76ba90745291f228b4aa70bf0dfedfeafe34893e350e35ff7c2f96407

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d17b13784406e6daa6b1849b849dd603

SHA1
b47290c978eb13477dad8a24cf286a5b32dac5c7

SHA256
80b8dff7e893151adbb7699dbc7857613d6b90168ded9972e5f9e1d2ae68b7f6

SHA512
25def5ce5617dfe90abeade12ea1b9ab0e5c06816e413a81f39f2fa8afee3c6256d604207826a3613b015bf1997127276a6ddc1100c72fc9576aa0a1d42e6eb1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8ff32e28b9d32d27ffb6986f1c3862d6

SHA1
d6787007a79cb9c1ab258b338eb3af46b430ba64

SHA256
5f3e500d068c5b0ead89e28e887478d635b505cb85672bcf81b6bbb30f6a6cb3

SHA512
19ae4d6540e5be71c16f242dd7899f60d70e6bea51910a8e7ac4d6d9b0e78ec68892441f9303dd450cdd0a75de19988035b54884fc282271f461a2bd2437d54b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a20ea7bd4ff232c7f7f4c88d171be968

SHA1
79ca8c4d1e69392dd7554f772487ac8acb6f619c

SHA256
2624fdeec0ed33e4ea33bd63f6c4a38f93b5de7ff935327ee6aa7021b41fc6f9

SHA512
43fb6f7a01dc138efe5276e6d7bc07fddbb776df0748d86e53d2e7e2c8c4d8a5ae75acf29ec3676651e05ca5ae3db8c7704cb4b19f961955cddf7d0d09f42500

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cb712b6e09a9dd0dbf6d770524d60864

SHA1
f5b591c28d179adb94ecd4ab42df66a1da24873d

SHA256
7df17fb31e403ded1e48c2dbe7ed924073095b47861dc3589eba2351c062087d

SHA512
b6425b056d1052520ecaceec3420eeeac20d37ba121d3c781291da0d0ffcd293aa5ce79c4df61affd372efe76556e457b57bf066c7fc50593e8402a078aad697

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a3770e7162e7d0a7713603bfca34d6d0

SHA1
3d232615d7355b4ed3e3b806f1ab9bc6f904f52b

SHA256
948f944a6e4f0a776f01401c8508b7a14e7ee38020e8bc0123fffa1fa842d3d7

SHA512
b8c42c59823b0facc96ea5e173ec5d9bde71a5e44193907678e8da26ce36cbb51cf9b40e8ecc4238b2faca420221cfe2c4dd4fccc1998c4ab36fcfdebbbb6f16

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a7766902e3b87da5774ff027926d0a3b

SHA1
3b091b17d0917071454f403da08947841be45afc

SHA256
8ac8c56567c8195642b54e975e30c6c7eab2280f9df12a1130ec00186fb34e20

SHA512
a6c098da154db2d9d0c74fd15b42e599f89a5889a64e25bc07ae53cdf085937a057977dd0042f4eae95116370d765fa6ed711c8221f11be766e1b6ef3f2a52fa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c71883f29b864817ae965b146b3c9d3f

SHA1
fa361d5810c1b44a17f6bce4324962c3a81b1afd

SHA256
044576ca78b83d5ad76208808528802430539fbb471dc4f6981a723c206ecdc7

SHA512
9d18b91bd0248a4343939722752bc482dc643138186267ecdc2527f7a90197daf3746726ae66a7e5f9e39bfb2a3f7f95b104c681eb02c59dbfef3a181ddceaca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
122ac725956bb333e54fdf73968d6e7f

SHA1
4bb564906ee3d30df2b07256b71d64f8381c9541

SHA256
8096193e80f2d0db50e455e52e26b7c78d46fc8d2bf75f3ec26b8c2a35d62d2a

SHA512
b1de18570c5000de62a610246adde7817f97bc43d28772087cd4a7d39df98261d14bb01725b5d8822b7856a1424d396e40d3962b78b1b3d254e8da8808cbcf11

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1B43.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit