3893d4366b94aca10a8357f1cbd1b5667e6b1bf91f6116b47a8bbc62fa4718cc

Analysis

max time kernel
150s
max time network
154s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 03:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

65d244a88d97762f1d33d3be922c4d70_JaffaCakes118.html
Size

38KB
MD5

65d244a88d97762f1d33d3be922c4d70
SHA1

cf7a2cfac9e629fbf549b162c6ebecaeb1e84362
SHA256

3893d4366b94aca10a8357f1cbd1b5667e6b1bf91f6116b47a8bbc62fa4718cc
SHA512

fbcbb51e3f06a4977deefa942173febdf517edcd2189362d4ce7656b42fa681554fb2e6d0cd21be72f3731fcfd47c1c952e695db3ed8753c0dca4781308e9f04
SSDEEP

768:SR8MPxCCLZ1P1AvLQFFry0FY+MmP38scHtxbiiKkQVSbGu:SiMPxCCLZl1AvLQbry0Vs9H3miKkQVGP

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422509637"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A1EB06C1-17E9-11EF-A1FB-E299A69EE862} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

2380 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2380 iexplore.exe
2380 iexplore.exe
3036 IEXPLORE.EXE
3036 IEXPLORE.EXE
3036 IEXPLORE.EXE
3036 IEXPLORE.EXE

pid	process
2380	iexplore.exe

pid	process
2380	iexplore.exe
2380	iexplore.exe
3036	IEXPLORE.EXE
3036	IEXPLORE.EXE
3036	IEXPLORE.EXE
3036	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 2380 wrote to memory of 3036	2380	iexplore.exe	IEXPLORE.EXE
PID 2380 wrote to memory of 3036	2380	iexplore.exe	IEXPLORE.EXE
PID 2380 wrote to memory of 3036	2380	iexplore.exe	IEXPLORE.EXE
PID 2380 wrote to memory of 3036	2380	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\65d244a88d97762f1d33d3be922c4d70_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2380

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2380 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:3036

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
76d17fce62bfdf3d0029d8519e77f53f

SHA1
cbb771c796e9d18fc172cb3e423bed46a5f313b3

SHA256
77cedfcee59984c0ee48625dbf70a2c51d676eb9c976a7b21e9468bf9bdfcf6e

SHA512
a3129c8e68e3a5539b9255dee05aaaf57a1750d0b6f463b147baf95416f036fa4daa02482477afddba04b3d5130165c762a29a0b4e47ca97ea3eb67faec60c62

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
af10cfd761c4cde20c0c06d04cde9fed

SHA1
401e000235d39a05897330a159761577dd35dfb4

SHA256
bce5e0a282f429190b76817a975480a07e904e3e118ef9896ff6ec67df244157

SHA512
8b87731c388d08120f37127a53a8869ef862450d74e64a077930cb06168e78cfedfcb5d3dc7e12d537e933dbf6db5b32f7f865f02a81c411408979814cffa964

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
120d537a72a5659f69186869ca268e23

SHA1
f35971912ad59757fd82e96d139052a75470b399

SHA256
91c69527aad3a61c77c36e9e2d7cb118d2210a5f40af051305dc8816e90077f8

SHA512
191ec9f77b08a752daaaa05dba6113ea80dbef245c9b0f76c9dcd6a5114d57f08bedf5625d6e725b36a253633ba7287e37b0d5a553aaa52cf67c1082e261e87e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b04706b49beb1ac01aa100ae721a62f7

SHA1
a3855b52b254f0107ff3c76bf8990a0029a1bc42

SHA256
0466344c3c81324732583dd8f0e96add6252e539c494ec0083833033cc58882e

SHA512
4358218f8919a1caadbf0c54c30bdc1f5a945d5d30705a4bbe97fbe5e974fc61ca27379d71f3a04de5ccc9ce988e57c1dd4f118871936c2d51970183f1475987

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f62c98114259b9af45671ebc95292eee

SHA1
6d76ac3a375e2518b624af6f99cec3c685144d30

SHA256
7f9fdd42d8be8655d76d39702fc15d56b78c56563cbcef4b82dc36e03e8ea864

SHA512
580d7f0929d8f9bee3bf1b31369be81a108c8956faf56740cc30301b2d660341853493bd93cef3d6c75860e3338803776ebcb2c91fae1eb6cd27304f0805f5bd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
236a74e01e0f0e2e4517d445c98472ae

SHA1
e81e60103cb5386913494afd900d39499e3aa68b

SHA256
87c296bfe0885fd6a4aa0fe236bd2df13f43d33ad1be0072057f09e98c4277a3

SHA512
5d19a3a0f462d0d2949edc7b0867f89c3ac243cb026c9bb5408beca470b65812b567d6e6fa6d2e022ee0e9f94bea9914e68b62fa34e87c22eb971ff4062b7b13

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
90968d5df312b15c5fa55a63dcb076a5

SHA1
b1ae03e1f5905d56d00aa76ba1a5872a265185f7

SHA256
941a942572e1b374d4ff6eb617eb9ff3e519e97deb85f6e0d210b5c045978f96

SHA512
82c5febde70529db6fd3f546d0dcb15cc532c664178cc3413a6db8eb1ed2f1d990472d437c47384e87ee04ca79d88a4ec87a00471e53f0588422569521048012

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a3dfb8e2df9a4ea7bc177c5f7a98c5b3

SHA1
a3761637e7bf46ec1cc2aa0aec677e9f5a8878b0

SHA256
23e9f43ded33b80b2f783e01f6affecf51fa4c6bcad406194b80002e517973b3

SHA512
7535d320180b61a4c3edf7e0247ae5b392339275bc53583dd46cbf92e6efafccc3d6f56dbdc0abd689ddb5895560e99413082e55debc860bddfc3fd71f3f03f3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a554128840b91f5d21016b8222564013

SHA1
6218a0ed62f5e8d3584cdb5bac0600b708a53306

SHA256
47c8718c7cfc018fed0d31254399555e5d71740ca3abfe2404ea1b6f85ea48d7

SHA512
b6ae3dcdf0380e8662b5b2b1c6d307b1c5a193c16012379f18cf892dced5390b8a8a435b15bd29730633a54fc7413511f7808e782d4e6d652015f40860792ddc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ce746baf74dfb99499808b04085c07ed

SHA1
28aeb4c84ec61fad4093707622050a72d8ef5a17

SHA256
61ebf00ee34f6a33847a69c7e8b2ccef512418f88e00a117a4795166a98ea9ad

SHA512
ac6e713612af0e10b789f5f55a894b8204ce7b5bbb19ef4a3c537571bd1981b64bd4f44c4b6b6cb220b46b814490af7fa80836ce05855d67e3050a2b378af0ea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dfd2312e863e7b7bbca07a4e114a0d16

SHA1
38032fcc3575f275774f65cf692abdb6e3de5695

SHA256
26dbe29ea7094dc84541e760b9143e92cbfc4785aae023cc10c38ced70e1ccb3

SHA512
05a6a8dd975cbe983c5e7742c0b0d00b420aebc0e8c237dc696f2a66d79232f56203582e68e7d2b9cfe51e07842b15772c70cad8ceec540b66461f7b1cc4f00d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
e46357cc515f5d55bf4a28d35359c5fd

SHA1
5bdb77371e4742a034746632a9e03b376128ac23

SHA256
d8b63c94065ab22639989480241f6ce1f54100514b046380a46802a581502e0e

SHA512
722dbdce99af07b29b2e77ec577d0764b4b4ba498c38252ae539c0bc6f59c60cbb653d4e09f14f52f20e28e2eee9b3035018563c4b31c62f7ec1276eda85b397

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab73D9.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar73FB.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar75C5.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit