abd1cf56cc409f51507a66f7f91133b4c49eb9a24610cc35cf9e524eef96e7e8

Analysis

max time kernel
150s
max time network
151s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 03:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

65c811a2782b5a5be2d09ccff1871e0e_JaffaCakes118.html
Size

27KB
MD5

65c811a2782b5a5be2d09ccff1871e0e
SHA1

2811c1a82ea0907af8215d39c4edf5f117353c72
SHA256

abd1cf56cc409f51507a66f7f91133b4c49eb9a24610cc35cf9e524eef96e7e8
SHA512

b368a6f5d6dd546dee981fe2e5e61c8edf4a6c268b889fab823003ac4af72137e9ef526a6ebd7df4399814f3784bd873fc211a0f69258a4f5e6383591a2d7754
SSDEEP

768:Y7S6w8gj/Z/rU6bXK+y6BxECY2r1kX/AkgLk7JTSwGyijOyXIXlrV9KX:Y73wN/Z/rU6bXK+y6BxEp2r1kX/AkgL3

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6C3BFE51-17E7-11EF-919D-C273E1627A77} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422508687"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

1404 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

1404 iexplore.exe
1404 iexplore.exe
2064 IEXPLORE.EXE
2064 IEXPLORE.EXE
2064 IEXPLORE.EXE
2064 IEXPLORE.EXE

pid	process
1404	iexplore.exe

pid	process
1404	iexplore.exe
1404	iexplore.exe
2064	IEXPLORE.EXE
2064	IEXPLORE.EXE
2064	IEXPLORE.EXE
2064	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 1404 wrote to memory of 2064	1404	iexplore.exe	IEXPLORE.EXE
PID 1404 wrote to memory of 2064	1404	iexplore.exe	IEXPLORE.EXE
PID 1404 wrote to memory of 2064	1404	iexplore.exe	IEXPLORE.EXE
PID 1404 wrote to memory of 2064	1404	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\65c811a2782b5a5be2d09ccff1871e0e_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1404

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1404 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2064

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
bc9fd00199ead5ae13d4987ac0f72f5d

SHA1
9a3c5ab255cd432637c9079f9f9905d4d8f3906f

SHA256
d809ee337e035a0904df75d9502a3569a78ea049fcd4b9529286ae1af426b3b6

SHA512
b07185745fce6c81e55bd701c736d1f2466c3585ffc6952189aa002fda03548c55f4c314c86824152abdf709030fae2e2576b8e0d5ba96f22e91281fc03aaf67

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f8771ce2d8c93f487e09c9ec69e8e46d

SHA1
74c432f4982ed0500e9d2b9235f869892f2c52ad

SHA256
cf6da134566fac07dfe89d952ee69e0317330f3662498a42ad600782f5b42d1b

SHA512
504cf3643ed16a8bd50d624236e4d7c3c93197c7316fbd218c0840bed031e1e886557be0cd0ebd06a16e72490c57e479a09c7e3b6aa139899024794dcf9113ad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
463a1e5d34edd20293f7c8b9f311c7b9

SHA1
58f03d0081c68dad63145cc01bb7af9bf24aed35

SHA256
6fe63d7c421c461107901ca77aec789cc5127021d136e36547fb395d7cb43243

SHA512
64540d3bd3139031575db0a00d3037a6e0473013067b1c99a115d2918a921188fc4b7e48836c2f3e4dbb371a8f74aa8c82bea7a7ea465a97c54b7b56dc21a517

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1f861f4f0881b454f625d3bc464784bc

SHA1
9a6004168f368deb83c4eab90d3bc2633bab48ca

SHA256
8427975e725d1ac8275f1d5663865198b8e563eeeb729e885b4e068563aa19bc

SHA512
32cc1e24bc2e17b1bf30834c599a64f9a2b97cb4edadd60fd0493b564d59e77af0388793d9891cb5fd819e83184feb5a1cafab92331e1d133eac76b6459b0462

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
93259af0bd9c1e4709797e96dbcdc1bf

SHA1
44170bb8bf0abfb2da8482caeb77f73a7d4f82c7

SHA256
bb9edde11cafd7da23d9041d72d23a731ab6a86f351e4b8fb50f835fe0b50bed

SHA512
7455164fbebc1e52aa7c868fad8c95203d832e2ce07ceaeec034f3036c13bc4fb05a892fd2b8f1ffb56fd19ca603353a4675c2120ed7fa9389ef75fefd7f2fa6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a3376100cd65320572b473c198071f53

SHA1
d47191ffd68e71dc14e56d1de5b75326c27d1e91

SHA256
ef98d0e38c4a690ffbed43a1047c5e5fd4c58d9c1bbb66520f09164525a4959e

SHA512
19bdb60abd4a9938b44798acdc18f9d54975fb3ab90be01cba70ded8846b8d1a508ee33629d6f4c869c4155f22692ede27394f6492e00e5d93659b73e9b58eb5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1ed6c29db7b9e86020f1801e1f220bfc

SHA1
59df0d4fec1b91eba710506b6609cdd1368ec3f1

SHA256
e1e057fae6dfb60e93ee8d3015d716f9884990dc282e1d94759fbb4da6815f7d

SHA512
198110ce3e44ee88d7d3fbe4c8019d71c2c78fb73db069a5d9edafabf8c07a2d9e6da6da1f366f38596195f35741523d1db769774a167146a033a4da76418f0e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1718e3d9ef0d9a0d6a4d9890ab8286b8

SHA1
39c3d54c70ad5b6f0b0c42ad13aa7a62f5baac51

SHA256
50c5a1e0a2cfb4a88acb21e65a7a84c4e9ffe039fa5fd5c89f5d2621daf7039d

SHA512
4a1737f659e6fa2f2c079a1f49ab5d7c0eac4ae5c228eb61fa9a888d551ff59928b7670da01890dc01a9d64c401904096e9a48609eb8d76be1e6ef39b8f6f2c7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
83a56233b4c33d63e9733a654a1ecacb

SHA1
53079e117563ba4c47bff1d5e62e3431c7e03e80

SHA256
b11eb1a12bc205817ddf7f7657aeff17c501b982932d77171f7d76f72d423a31

SHA512
b1e0618ab1bc45144a20d6c63e2571f9847c2fac99db8b84ee43979cb5c375798bae84e36222a6aa1f12ae4eb964c5d40d6ba1ccf868bc346e9ab6cecf6b8223

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ec296dbb98d1bdc2b0a962b450186827

SHA1
45f3117fa31e02945ba5609b6b4704b384f343bf

SHA256
52ae6457ac9463b989f5119250264bcc261b40bfc4b52474bfa461231f7e09f3

SHA512
81389b3af66a13b40d3e6d40286fe67e099d4be5704febedaf0e8410c0483b14a61d6460678f4b0d65b683b34044c95f09eecbad7886f8edd92fbd71f5c1fbd9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f3162bb792871f2697326b73c4153c69

SHA1
ea8e5a3981922d035b2149626481fe687c3aa561

SHA256
e48899a5dafd87ace6ca297f1ea6b8efa7b69d46b8e09df8a811de0ecc2191e1

SHA512
41b276f4a9cf6050d4c2776ae78c4388a60e3af64d90b6fbfdc209eee232ee941adfdf2d79a4c2f8b6b17c78a6895bb7fc26c549ca64f6cdabd9cc3dbd30442e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
e06842fdb132e9bee5610f73a2ef201b

SHA1
968042909c8ab9afa8d441ba0f0d37db49b5e640

SHA256
c76557b349fd398a8d39a6e337c43d713f94122b5e6493434a1f0e6aa218f9ff

SHA512
1e8c08f6f8e8ac1de556b48105d32164d38a4be570c3ec8fa0c9965adb1b33fc4e75a120da779e275db4552286dbdd462488f8893b9678415c453ff6e0aea130

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar10D7.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit