501efb1429c4d68046923415498fa63dad3bfa025975efd561326512da2c0901

Analysis

max time kernel
149s
max time network
150s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 03:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

65dfd6e1cad3f1fbf488ae3d28a2473f_JaffaCakes118.html
Size

47KB
MD5

65dfd6e1cad3f1fbf488ae3d28a2473f
SHA1

5e6b1242485e8a80c968061481316d69beabe10e
SHA256

501efb1429c4d68046923415498fa63dad3bfa025975efd561326512da2c0901
SHA512

6ff372ca95d1432be34a925318e77b8382fcf8a55112203d6b5cc80620f328cae590d734ff82507edef84207f04faac3e280eab5f15f430075458459cf09c160
SSDEEP

768:m5BnI/jIpVjTo35BJyqCH4X0XVy/rGH5392n+6u3g90KAL7AT:8BnI/jIpVjTo35uqCHg04/rsg83g9EIT

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{93EB1AD1-17EC-11EF-BAE0-E64BF8A7A69F} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422510900"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

2284 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2284 iexplore.exe
2284 iexplore.exe
2996 IEXPLORE.EXE
2996 IEXPLORE.EXE
2996 IEXPLORE.EXE
2996 IEXPLORE.EXE

pid	process
2284	iexplore.exe

pid	process
2284	iexplore.exe
2284	iexplore.exe
2996	IEXPLORE.EXE
2996	IEXPLORE.EXE
2996	IEXPLORE.EXE
2996	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 2284 wrote to memory of 2996	2284	iexplore.exe	IEXPLORE.EXE
PID 2284 wrote to memory of 2996	2284	iexplore.exe	IEXPLORE.EXE
PID 2284 wrote to memory of 2996	2284	iexplore.exe	IEXPLORE.EXE
PID 2284 wrote to memory of 2996	2284	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\65dfd6e1cad3f1fbf488ae3d28a2473f_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2284

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2284 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2996

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
f721e5ffceeb5453c415c7e28309b472

SHA1
bdae1aef215951910912006e2f2fb8bcdd7a96de

SHA256
f86f41375266269ebdc6f6ca5c1dcaf04e690beb9263796575aabfefd7717d76

SHA512
bda6957519517dffb50da6694e02badc15da60f9605b406931c1746b6ab043a9593de945a1b78092ff09f2f5f445494ad93ca9132f34b5f9f19649a2e6c96c9c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
27f2265f2b61c628d73d36e9e4970654

SHA1
779bf611a8d2d6f0dcfdd7f52870ffe7f519c05a

SHA256
f9a0f30b6c109b8bbefba1ab96cbdad3faca471aeb2dbb586b315e21593ed45b

SHA512
4138b02c319f9ed5f4f0f435161b1649efa194cdbfb426c74095346e1f97bb3d7cd414fb6ce237debaee55f0b3900e43211b5d6565e61ea76e4e7d3e57156f39

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
ef1dfc45ac6754ceac9a6b433dcd591e

SHA1
cf1c375913cf1617f4b6d023a2cd4b614031f8b6

SHA256
215effd78419e19434d20535ddbc05fe92ee85cbdbb4baae48ccbd0c13937340

SHA512
137fde32602f5ac74cc9120755dbf744a5d63e474f49ffc485925eb4f5af43d2700eb1a4e2fa61da512d85458e0cc812957cb179e17e8ebc396b67f13b128e8d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
e17186d81e5c481f10d34b7af6dc1594

SHA1
7f08f862fdc9d7b4a4417935c6b4a927ca99a743

SHA256
b011dfad176825650d90cd5f32c3c9456ff96430eeea0442fe4d60fa0a52e112

SHA512
47939f8bed5978cf08b27b865da85c27c4f853463f577765b477ae5bf2c53364e6353f79733f25c822015e6e6271caac6aeeac904edf2c3309a3d7f66f018796

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
19177157d5bcf4a8f7cf9aed3f48950f

SHA1
6185be0265112d057fb646a4ccfd1a84871f8754

SHA256
f78cf43ddf7506badfb3637a11fb02f5671d254c78eda773e9a19b003820b767

SHA512
95c65532d72b1bf69d8ecbd7e7518fb77c919714b4045cf29ab5cc8b962e99ed5861374956b77cde8dfb91c3de5644365e28ba0b39d7547f8b89fc9ee29ddcab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
bfa883db0c943fac56c873aec1ddf4a5

SHA1
b4a2fb2c135ac2c0040bbe4f70331e1208f8f294

SHA256
e04106d111c744d80986c8ee41ec825bd0a053d66e7a1e562781466699c538dd

SHA512
f034f5115c7bf5bf450460b2ac6853b8eed177a54135a70adb22510df2307f8386cf7d1c130a0d8d7c4c1337463bda99221c122e299d03359475c18f609ec292

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
c12c55f72a2419e47a26da2d65fafecc

SHA1
b6433acde641ce94fa0721fdd31a47e4393edaca

SHA256
7730b823fe982efeebc5b86eee8fcdceb68afe67ef9d6bc36b721adb9239dc4b

SHA512
9c1eb5821ef50e30bf9ccdebb7de236ae39392d5a6113f1e25c6b48bae6b546cc520a21bb9775903cbb23b26539652b442708875793df939c6a18bb47a1e97f9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
9817bc13a445cf2309bbbf7624fa5756

SHA1
2ae8a52b3f160bababa39b65ce0a7f3c8b6d91c9

SHA256
7c39bc1a02ca2492b422412f9d4f2dbfdf755b92e5fbf36d141f91a7c91f78bd

SHA512
e070f7ba8cb12f0f6e51a75381e0185a6f8812fcd8047bf677e1d0e29d8beb17583e6f986b250267ed06ee932ae2b00fd9fded2050689ecf3c4be4c94843bdf3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
d9f6257e0c835c6fe86c91abf1da7733

SHA1
829266c903dd38828c0590f3d2ff5d5b728bfda0

SHA256
653a86cdea642a1e70d91652db15d29786f0a2a6931867148307555a84bff0d0

SHA512
a7ab4efaa343afdc0398b577b4ba29bb8390526567e9e5e6929cbfeb97a33085243f2f6f0ec799baf06499794c61e21011cf96915a281069d3ce57fd709d13b6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
83fdbd24cbe419d91f5f14281e784739

SHA1
995da9fc1a17768f1fc7ff76717be2edb56b1fb5

SHA256
361e32a4f298e5ef6f68796777b32799425ac769479ba400f44212a429a8928c

SHA512
f3ad4fc5ff794fb1fe66387f83344f06b809c4d3ab889aeeb887df1bc4fb6a11e9d1be3f0fdfab2f433c761cb68778aa0e29abd6ff15c86b1a3e9f6d4a06acd5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
11fffe4c57ef99aebde4e09e46d4db58

SHA1
0b6eb0b2a792772dd43e6652fd3fb35e005da627

SHA256
b7a78e926d0b6b56b72c7b5a3061b485228b5e6bf54a735fe12722d056671e37

SHA512
797a04ed775d74f6aa337f79c499b2ee1b54b015164a42b0d689295a19a616596d670f6b8351d50742bdc8e7d293aadefad4e72995442e091e4a5de860d3bb2d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
37e81dc3a53d214e8a3ee286c863cead

SHA1
3ee763fb58669bcf6d06e4b33a9406aba6e90ab7

SHA256
883816f5176c0703f6fd30698ff5f0287378ea407cbfb5e5565aea214c0b61b3

SHA512
62f8db61b240207133d478a01b51fd7caf4ed27aa79275f07f4b813b6762b57ded8a6d3895888640e368d0a6eceb8bed516cc4ef45d4bd836a56ff38c1a94348

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab936.tmp
Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar987.tmp
Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit