31dd3d6db94886cf9ae949e55e3cd85bb0119c0be7ad661cb442c95d08ea924b

Analysis

max time kernel
146s
max time network
150s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 03:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

65d2e5095288e845151ffc44344c4488_JaffaCakes118.html
Size

77KB
MD5

65d2e5095288e845151ffc44344c4488
SHA1

a859fa5e2682add4a9aaf65a91cff68d32485151
SHA256

31dd3d6db94886cf9ae949e55e3cd85bb0119c0be7ad661cb442c95d08ea924b
SHA512

7669429b92ed0df3c5478cdeb5fba0217ba96e7366a6efe3f611167b7bc6075b3d9e341a5a540cfd04a4170e13a0100646fd993ab25cb0f42fb4d3e16f7320ca
SSDEEP

1536:TZfw5GAzqz8hCoxOeCkc/gnflLjFsWNEVk53FcAnzNmz65xcvw5g/upbmEE/:tw5tqYrc4fF57+6xWkxW8K4i2VmEu

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422509686"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C0519E81-17E9-11EF-B393-E64BF8A7A69F} = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

2988 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2988 iexplore.exe
2988 iexplore.exe
3000 IEXPLORE.EXE
3000 IEXPLORE.EXE
3000 IEXPLORE.EXE
3000 IEXPLORE.EXE

pid	process
2988	iexplore.exe

pid	process
2988	iexplore.exe
2988	iexplore.exe
3000	IEXPLORE.EXE
3000	IEXPLORE.EXE
3000	IEXPLORE.EXE
3000	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 2988 wrote to memory of 3000	2988	iexplore.exe	IEXPLORE.EXE
PID 2988 wrote to memory of 3000	2988	iexplore.exe	IEXPLORE.EXE
PID 2988 wrote to memory of 3000	2988	iexplore.exe	IEXPLORE.EXE
PID 2988 wrote to memory of 3000	2988	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\65d2e5095288e845151ffc44344c4488_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2988

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2988 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:3000

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
cb35bd9d6c5a4fd50a9263018bbd9784

SHA1
efec24f93d2af7bd01969c36870ebc928fa6c790

SHA256
be648ee93df285417e494e28c01e3ab8f3d043845f4d3b397dfd137d187ed612

SHA512
ac26182fb167458da4b465b118720470859e8028db8d3d71ddbe0c5be0e46b9178c5f7ccb8b1252c38754e27da1af546f8d2f6e32e1bfcbeac0d510aa831bf11

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
724B

MD5
ac89a852c2aaa3d389b2d2dd312ad367

SHA1
8f421dd6493c61dbda6b839e2debb7b50a20c930

SHA256
0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45

SHA512
c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
896223877f882fb306e303f28bb22e21

SHA1
0c65aa002b2e42c99f19554165bac2a7ba335d6a

SHA256
476ed205c72ac0fa7bb57181d0b23eb6e13bc97ddd0cee4a8fb1a95b6a1f804f

SHA512
7503fac7545196a99990c9bdede0194041c2530d24128edb97d1666e0eeae4bcdf70db12cb5acdee1d140b24802a795469e2b0c76061db0147ffe86e4d11e509

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
af7698ce88d33b8f7a8d66cf5abc7104

SHA1
f300890c4b8bde534f40d6de2db3ee2b74ee9f75

SHA256
8766cfa0977262033ded2ced6e7078486d0a51364132752f04c517ce4ca34a23

SHA512
dfc9df29ceff8849915a2905e50e6f0d93d1c2ffea5fb987f9f86d0cc2abe3b5d8f4659cf348cf6cd1c4776c1d9a3b9fd45d95930de0e7f22fa156cd9852e249

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
194caff7412c51138136c79bc617292f

SHA1
afa9bd7d480890c4e74bc3d452437862460ac40f

SHA256
e9cdbdf3e68ef397108dd6039074bec819ff9bbb3cafc9b2143a03ddea59db76

SHA512
98a24f49aa84d276ac376eabc8ba18f73849fb20421aabcbfbd75d6155a2379c7915e15de312f02d6a0c5d72f1b2c70825606ccc983d77b8e4018c7195be712c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0c80ef29307e06e0a230f2e36b02a2d9

SHA1
f02a1a715a1f06ec0d57f6650115689018790b38

SHA256
13be544c7f7adfe9fb26211da596357599b32929127f47218c524d35e2ddebe4

SHA512
9299e32ed6b37fe5d97c2daabfbf601ddd5936a7e9360a09ba1cd7da381df4c474c4a395d4a551ff2832c389ba25c77291b0d27d83d843bdfab0eb90c2cc8627

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
98f1167a08f44bb662d0de3d103951e4

SHA1
7149dbc61c8b9f99e1bab33d6544e41be91073f9

SHA256
6e9fafc2207e231b70155b699a7df057337a7b193ec1143cef2c32b8394f04be

SHA512
15a3f38b8f6521859b4e283d77e925d5db257aea0d3116b5ea3c664ad3f6640116a3deb26532333b955e4d7454422033841e876a95a84049e12f0b3738b65505

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
93212e439b879265283ecb1fdd2f3f15

SHA1
6e400a1574990e6130eabae3f25d4a70240d2567

SHA256
bdeec34aea2d90a9a799f482dae37884e201fe3f11aa7e4a197386b23453fbe6

SHA512
62a7dceac43dcbc49b839efff715c7f5cdfcbd343150917e03a83065334c2e0d7ada6dd80b6b29756e64e0e5fdd28d45ac79fe0b9128e0008b94ad2636a7d1ae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
44216d1662641a3d089a5b5ec4eacb74

SHA1
ce94269e3acdf548c7f85b90fc4414071b6dfca6

SHA256
b9e7d1d67cc2101e2fc95de43d756698865ff0ba9459b71a158d1deec31ec568

SHA512
ce850ccc009de2c1402a2196c30ea9c28ce06d758154fcd7a1324532b277afd8741c1263afd017e156828bac1078cc718ef57405b70c75135b35b19e928f84ef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2fd60ef097817205a65019ca43a7eb3e

SHA1
5b2162043005fefa22a0990291862ee175289a3a

SHA256
fbc8b2ddfc2fbeb8344550956a194e8f1f11e6c7031e1f4566fb3e1ac8b21c18

SHA512
6c4ea7f9aeb38fd8138489ef4ec045c7bccf379e2120d9688388b2939c309560629f3d641ee425984b0eb785ddbc250a6197cf5b5a4c068cd2e94448e11d7b43

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c67eb554b8d796c2ba1a691a76950262

SHA1
fccd645e02b95eacc47ba36d682ce1026f1d3c0b

SHA256
11137b434ec36e6bae88a594d0131138270d44397dcfdfc8f8a52c004dcb7a1e

SHA512
217dc046a633f1b89a4e92e08244855e223f44020717254c8e598ea8b54d1dffc03013db9477931357b81655882f72f0f51f43212d78a998f84d506d9c67943e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bba601692cfc081e670d6fd7704581af

SHA1
70efee6616e95d3de9f207db5e67458f03b0e37c

SHA256
ccf57ec28bf41f732e985c2e40f5e094d9e6d7eb85f360694eec116c86dbe90f

SHA512
4960440961065afa212e0520af1415a1dfbc4996f36fc47153a57ae0f3ca706727abcd3b2782d86fd399dcf46d329980b4a013cdc4fe7ea478abb3608134b238

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
392B

MD5
c44d453a2f2be37990dd2ac93d80e301

SHA1
1cee76d86fc8f7415c371d61a23c57651880fe40

SHA256
ac96ed28453b148eb5071978c887a0bcf79164da3cc796481ecd450e7c16d76d

SHA512
08bb02196f806624ae5224098675430d4dde4641c742bb4a057110313ae0a7e9c70ff7c201472a0287d87685c009b36fc9d1b14cea031b2c95498c4d6528cd4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G17BROQF\bootstrap.min[1].js

Filesize
49B

MD5
186d86b12ef82ec067ef688d14baffed

SHA1
a936cfbd349e2d45e352bc3e0b24a0973e8ab407

SHA256
105e1b4db63c43261ea5123232f6504b7c152be51f1398019fa8d7de7554ba38

SHA512
d46e450b22a61f62b8042f89ff117f94804fe07b99698b226141fa90aecd64ece93343fd6fff4eb4f4fe25308a978a69e080586f9677ae2e915c5e4db4df27a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MNCIS1YI\owl.carousel[1].htm

Filesize
64B

MD5
f1b98b4b21b505f3c97a94b30218e26d

SHA1
dc78db861db16ddc3db9779b8f13a33876f9f3af

SHA256
a1e319b2b07694e26389e7837caadf313f897aa4f1ec159686eb23da7a21a806

SHA512
a4ed34b37eb5e653cf429774908faf43451ef9d76597553e8b1c9057abbd5e467a55894407e60a93a23d3f3f68c5d5768d1cdbbad85144e25d7db7bb2d83388c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2493.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2138.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit