dabe99fd3f1af485ec33cf26fe5e1876dcc40474de18dbb58f0e734ad0107d0e

Analysis

max time kernel
149s
max time network
149s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 03:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

65db472f1aaa1c7705dae7d34302b199_JaffaCakes118.html
Size

71KB
MD5

65db472f1aaa1c7705dae7d34302b199
SHA1

394602432d04362a4698200def5944fdf0359c8c
SHA256

dabe99fd3f1af485ec33cf26fe5e1876dcc40474de18dbb58f0e734ad0107d0e
SHA512

ad189dfc4725e54101d807fb58cbf669f79bdc0f691b562504d6d27cbeed36c1d8de70e37babe6e0b28e7caa6bcf020d59b05f63a702f281b37e0309e19c77d6
SSDEEP

768:fGA3VR+u/BviLATgrsnu0kcGOQR0QiGbQgtwZSftFjq8L:fGA3VRzviLAT5kJdid4Fjq8L

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7BC2A551-17EB-11EF-8E7B-D20227E6D795} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422510431"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

2740 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2740 iexplore.exe
2740 iexplore.exe
2112 IEXPLORE.EXE
2112 IEXPLORE.EXE
2112 IEXPLORE.EXE
2112 IEXPLORE.EXE

pid	process
2740	iexplore.exe

pid	process
2740	iexplore.exe
2740	iexplore.exe
2112	IEXPLORE.EXE
2112	IEXPLORE.EXE
2112	IEXPLORE.EXE
2112	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 2740 wrote to memory of 2112	2740	iexplore.exe	IEXPLORE.EXE
PID 2740 wrote to memory of 2112	2740	iexplore.exe	IEXPLORE.EXE
PID 2740 wrote to memory of 2112	2740	iexplore.exe	IEXPLORE.EXE
PID 2740 wrote to memory of 2112	2740	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\65db472f1aaa1c7705dae7d34302b199_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2740

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2740 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2112

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
8c3e8c308e0c5e681b47af588dafdd28

SHA1
04976bbd24a07ccecf781b912ad73a2cfc4ee749

SHA256
8e29c97bc26bb875eddeb4908d30c0f0cd5506387a8418600d18464af7d6e4fb

SHA512
1f98dbd8817c3e20e7e5a36a3556fdaea0dd6304f48d15f21b52edba50cede0953f24cc9ca1634475c3ae29b42a636badac8e2854a27aca316c6e49a4a5d00b9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
196b0036835c72314fa2843772f812d0

SHA1
15f27b81ce16f45f0b1f3e33ebaa957feb803cc5

SHA256
f40d8c6da8d38eae15ef44b31f1b2cf3b495c8243caaef59fc55f03c9a2f8208

SHA512
32baf78bdb01faf5d27119484ef6a6d064b5cf581a9964f43bfaf704e2b01c505464ee766a78221c67903d1ae843925c2207bc040f63329f26c095528ecddf71

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b5cb4d8c804a9bcda9ea020c40c9f592

SHA1
971ba0e749f7a3bed835bd2dea41281b87396e22

SHA256
06e5d0ed87a88f10cc1b473f143d246655faa8fe98f63240f5bb9a0c7b8422b6

SHA512
47118f323de226a9c32145aefbb4802ab53e21d9f57c8247c05e82bc356eda1b48e788823634f1d995eec6d5b61758ed9d8ad21dee4c32c754a7e5efccca7633

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dd122ca1354e58b059dcf6fbb2e3dc2a

SHA1
e753e55312c519cf144c9d30621522e9c490868f

SHA256
bfb5f5d9d8f4bac2c0220ebf63d51da798261332b272955d76e1a33f3e30e4c2

SHA512
33bf7826e00754f5943dd7b43afafe47bf090d30e94b7841b0128eaecf84b293ffb84745b45eaa44b9b3b085cd60bac7c7fdfbb5e8f443793647634fbdb458f5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
31094e10ed7b8397106439bb98341416

SHA1
760f8335397dffeaf5609ef322a0818c7a09f5c6

SHA256
f774e8db81ad278d3c36b21350fa53eb99cc3fc52c9ad6c0a4976c84e583139a

SHA512
f1b8499214b9ad291e3fa1483695ad48c6ae8cca2e13c3c155d42ba94cf353f158721cac9552f7d523005c59973ddf41eab42f3ce1bd5ffd124ea26b3d0e1169

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6985fb3171da77345082753f514a5ab6

SHA1
58394b0512decdfad96e2c28063c9f1a82e32091

SHA256
d52870d256ef6476cfad6aa0b386715b26d149d624cb75fd2cc8b5418384aee2

SHA512
14615d4ab625ef861e593437a2e9be7b4394ba75367f10425ae244617b3ad73bfca14ee291f5f1d3151e51f01d0ca722218cf5256f34b7311c0dac4ffde3f33f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2707406e2ccf8f7fba9547a1566838c5

SHA1
10e14e7dd6b85a7b3f0ce9478eb0dc33320bbc1a

SHA256
010ef9462cf7d35cb5843e127d0f0a271a4a3cfff78970fa563ad84c3e4d2885

SHA512
94b5b4db0e11c6527bb25718ecaa880c2cab7a7b2737826892c55b5688b7e548da0defb07d35365cbd2a938e7e6b50bcdddcb7907c7a16edd044da42baa7c4de

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
58feea7a5db6f30500892f90f9f11cd2

SHA1
2d5971e40f035768092e49dd518229e638bdd56a

SHA256
fac30f0d654e968a5b6eedcee2e6c3aa0cff89e8b4d5b526514f87b7057b7344

SHA512
46ef676704f110358a5b8da76abb59323ce55eb65abfafff38d5581a71da3ff0e904e2821f105657ba75f8756a5adc535c7cd426f44fe4215be1ac621b1905a8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6f0348eddfd0d301133eec518219f42e

SHA1
d66bd00cf67e642e4dea0e51b2ef170773a8236e

SHA256
88414bb6be29244f8ddf54aed91efc30bb8393af44b367a8547a01c15c3981b4

SHA512
fc0d4d736177e29e8b01cf3f7a8f9b62a36d494a4f7de6351f4fedcb6fd3a4028a3545cedb59d9cd96ce25778a86a75eec4471475ad428f7c1b39008f9e6cd37

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
970fe7bb04f6dbe8257adb8265ad2bd4

SHA1
81aae6fb101eeb7ff21301b020ca1f119558f7b3

SHA256
15477a454da617eff2054ec0f05b489d213b761c70229b4225f44f35ea0b3bce

SHA512
7f19c6e02fa3aa8c784dcf1b0d90478d622d4850b3ed9d0278a2541d9424097780df88dbcf971fa61c7cdafe1f5f3ef6e540f32231d14772f5818d8dc3b137ee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
77729bf10547c7cc84847f54a56c3fb3

SHA1
5726e0c36a12f3116b6724edda3d1e56f55f50f6

SHA256
9d0261765a58123733601614970bed8cfbbb0ac58e45f9ee153ceb70a14e0f59

SHA512
352db4fbb09032f7c68439a0d499a06552d6b369dca244505828f15c1c122e74db3bf91cec37dcecfc5a8bee84b5ad96ac40938f90c4e34bad37bb3a9675837b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
00c95586463f713c8fe03a10d6e77c42

SHA1
911b9bdcdfddadd58f1b2790ea58ca7ab3aff670

SHA256
bd5eeff7659e4a2c3f81f258519299bb73282010d8958894aee7c93eb510d3a6

SHA512
f9ceab45be6b2d1fcfd7915a610227d5c47ebba7d79ce7ab6d52c8b2fd10bf179cef85f6d607629a3aea4f087f0c817f9b49ab8fb0078ebb4ac6eed09cdf150b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2E77.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit