deb54e7801dbad23ebe43404ad8a531d770ee6066a4eb80f6e5da9500bb515fe

Analysis

max time kernel
146s
max time network
148s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 03:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

65d536614f46b955a32b71c880cece57_JaffaCakes118.html
Size

76KB
MD5

65d536614f46b955a32b71c880cece57
SHA1

d2a9b5db152736cc6f47e7754f5987ee0c691d90
SHA256

deb54e7801dbad23ebe43404ad8a531d770ee6066a4eb80f6e5da9500bb515fe
SHA512

e84dd090c9788596be0173e3eedaf1a1ae5a560cf5ec69d3ce57e156dd1ca1d43b8f86b9b7d4b623270ca2797b5f0fc4bb6c86685b9d12d773133ba2bc3f1ed2
SSDEEP

1536:5Z+HDDlzsVpmRySTptEx5SZWMVaoNmDMB6CA2ncZh:L+H3ZAmKx5SZWMVa5DMB6CA2ncZh

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422509912"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{466EDF01-17EA-11EF-BDA8-6EB0E89E4FD1} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

2940 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2940 iexplore.exe
2940 iexplore.exe
2072 IEXPLORE.EXE
2072 IEXPLORE.EXE
2072 IEXPLORE.EXE
2072 IEXPLORE.EXE

pid	process
2940	iexplore.exe

pid	process
2940	iexplore.exe
2940	iexplore.exe
2072	IEXPLORE.EXE
2072	IEXPLORE.EXE
2072	IEXPLORE.EXE
2072	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 2940 wrote to memory of 2072	2940	iexplore.exe	IEXPLORE.EXE
PID 2940 wrote to memory of 2072	2940	iexplore.exe	IEXPLORE.EXE
PID 2940 wrote to memory of 2072	2940	iexplore.exe	IEXPLORE.EXE
PID 2940 wrote to memory of 2072	2940	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\65d536614f46b955a32b71c880cece57_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2940

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2940 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2072

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
Filesize
252B

MD5
edd9e8cad0ccb0c76010a6b05166d09d

SHA1
889f0af92584888d81ac8b3c503d594b7ed421e3

SHA256
c37e7c634ac0563d0784ae75209d6687511a152a013d1e946d2777d00d5f56e8

SHA512
201fb25b8db704ab9bc2644ca5acd689e0ff0077f884586b032b62bc4abcf324ba09a329e14023c3b223746bfa7e654b12a17b1f08cc818dfe3e6b8245ca6fd2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
c14a55f6dad4fd3a33536d62eb64263b

SHA1
e20dd8dde8142d06689a08bbb66c71e15644aa50

SHA256
ba01677e4839a8cba87c85a160f35edebc2f71446b6d906e0a4d8c131c53da5a

SHA512
bba38d91f7ec97f23df6c3136071e25c83f931a9572c8466a12692b3f5d336b1e2993d1b4a1272c6101a90034bab9cdd42f3e9d1be62027901dfadefdeb2d0c7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
cde6245430cec7782ff2be7d8d1b8bdb

SHA1
3fb01f18307d521ca0c6cf16921e953e800bbf9a

SHA256
4dd5e4c26387a7e81dee61c7acd543637647e45b4177faff437ef7d184d9f15c

SHA512
f0092441ff99b1ddbe92df77e73d86b71c6384f0b2ee78e081c6ceefaded60385bb14dfcd10fccb191132e671046b3e41e53aaaa47f1cb2c367d81856d0f362b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
e74eaafa8e6c9cdbcf0b2a20f89299e5

SHA1
0378022d2093ba73716a457e0395cbb88ede1d3e

SHA256
52716e24f1e21c2e4d26002055ef0740d99bd67f2dc4e860b0a1a52ccf502325

SHA512
26f0b912874b3130816b5228a19b52943be0aabd58cbd4bcb86e5001dd8d50421500c4dc4cd5a9c9d52e1d151ba652a8b8f310759f4b4969641a7cae1358f628

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
dc942d7ebdc1584140eb189faacf9d0b

SHA1
2f5ee3d7ecf92b2342faa87bb3f3070cdc4ede95

SHA256
10e293816f82bb6f01f8f651eda0094c2b13bff58e845946be524908556a3a9d

SHA512
3b44a43e8e95b97855f494b536c60953d2c9b068c832725d4a4a5676ed18f63ae234f33345846c556b72d7b00d1a9d6331a207bb866087d19fb89cc6404aaa46

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
0d0895a648ecb5532825d179b3ce7010

SHA1
887f1884bd16301b7ad29f844cd50f810431d9cc

SHA256
c59f809a9630613c9f31ddc7779f28a4136132ebd80884b0757b2c5d8bcfe772

SHA512
c3c12a99db6a03886c911a82da56eea3412bf832e8c1bdf111b8b543f435566538d914e277195c53a9159b84e94c86ed9baabc76c0925c3b64a70209ae737950

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
b77e5fd32a3789701854f8211a567754

SHA1
bb39fad8dc2007fb659eedbc59779ac0a0e75f40

SHA256
2145345f158a02bc95f9afeb144dd3e217e92fd446954b8420a4c457c38f4829

SHA512
11d89c2b8caca71c825445edb69e147c3046b045babbf9e3c00ff591130084f0be9c8842ce20dea0920938ee0aa19489f5157119ed47a094f1d7bb66642f536c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
47b85243ea5c96ddc22b1654ac044a5b

SHA1
32fd68d96ce558672c5b9f21453356b5a3b6bcca

SHA256
ab7bd60fb7f6f2f83b6b29f4e7a939e9078fa9301bb9da7620dc2ac0a477b69b

SHA512
0d4e015e1ff62d7da7563185ba54be9abbcb6d9f6b85bed939ba3b1aed66861804786bd0c9a6b57fd417f35f43dfa47fa2d8aa8629c5438a6b5417d2380843cb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
afe8511e30f76d1a5220403ce4f4ade0

SHA1
3ea8eacca3b34da71cfcaf51994fd20a098c5925

SHA256
bd1226a7a2c175d55087d76bd5caff3c1e35dd7016b6247c7ef47e24b0170f18

SHA512
f8680b5dbad1146d150785f5b4e9c68fbff2f68edd8fb7c38adfb9c0adbc34fd50f42fd7e23f1614f1314a39232bdbc845839e89bb8bb2f849ede732f1968e4f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
219f2bb155a6ba0c9aeb5aee6f2a64d7

SHA1
55cee99937bc1494a5bfa16b84e623536fc0f72f

SHA256
83b4be31d48fcab7b190c13279016e6d2f7fce23fa09d357d89df58b10c56eec

SHA512
40515dd0973fd6f74267ce15440252b507f2fe69e610be5e435ba33b3f7ecd32d4a68d7e24bd75e4e0b97d86ad467e11dcd02d3ec964ce91835fc872cb220678

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
52049cfd02c55d1c5a3b70e57e57c0a7

SHA1
8596e68d85bac3df1f7b048a37effde1eaed85ed

SHA256
f5be1016c544cc6cda9fcbe0e47556552722d0e68a01b9f2b6d791fbd6c3c203

SHA512
ca325dec44d89fef5157b0886d4303f2cf21d05ab355e41e05852e2a92c451ebb9034a7ced68c0fe45c98f34f66dafcdb4ddbc936ad532df9a748e0bb399b5c0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
5cf77a3cf4fc5d6296fa895a7ebd5605

SHA1
62e38c2780fa9ce30122aceebae2e50b9fabd9cd

SHA256
a6bdbbd76bc92855d6b7bbf36b0be2b1628d09697dfcec92e4a1d729d5255353

SHA512
96d4a1a0fef68de96d3e2f27e2c057fee805cf343fec68c41a48fff5c9f1df2b869f0da59ad2b881676e7195611c6a2dc5e7d8dd48f1cc7e694aedb9cef3709b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
4b44b544e7a3de019f75ea7fa7c424b0

SHA1
b56a7846403295506f9dfd0f1379d20e6505a4e4

SHA256
72eae1e84b5663f837ef053848e55490ec18cf10469591e136ef4a7cbfd7451e

SHA512
d9b91f272ad80605ff99004208dd9a30dc83f81e7b338499d69a69ac00adf4e5a9d64e40e8555093a39e48c975315234e73243b8f4ef2234c365c83a956e20f3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
6db408ae56d28344d7e346815de2414d

SHA1
1c35c5338d1a28dbd3b82d4f11c6d8b29ae73941

SHA256
19fbb4a46703644ada8ba386ca9b0053923f76f0967473fc7b951ccb70454a48

SHA512
34cd2394bda45302f0084e5f49f380a18361612e0c1066d5685a3c30e20b7c2b7201e85f9aa1e27e972b006aff9c795cfb39f32398aa4218ecb1b5daf99f65b3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
94571f5d05f58f83a1a468299ff7772c

SHA1
9ac5c71f6df66926047cee88ab14160a457e0bd0

SHA256
061a7070660733d1bff600d83dc1d34030c3755b7aa3800cc19c3bba3d394041

SHA512
d961e5e65a554b7bb21d4c9c3182d53392189f6436ac2a45886ec8ffde8a0a721ee5519de3cb613ca78a885665bf87b58bd48c70f0b6b7b231f365d21c63a740

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
8241fbd15c7a7c466c27eadbed3e77ce

SHA1
e66d61d39bca29d542f4b2a2deb1ebcfdb12a2d0

SHA256
c6397b1ddfbbfd9ddffd25eb114067863487abba9031f81893e420253a9b9ab6

SHA512
df173fe56e4bf7226f1de5bbe521e967ed272b0444b3024b8cf94bdac919a4255859fc4e2b0c8c3b040b0789dad1035f090d3426d0da11592461504f6a0d88a8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
178df729f011cf501de0176a7843aa5e

SHA1
e6a0a3398c8d117815541463c1ffa93f0e8a997f

SHA256
3fc5ca91fc35a9f4723f7c496a534176b16292d3a2aacda930f86a5ba05a9946

SHA512
ab489576cc17214ad7a2301385fc4a0dca4ca514405e6478c25a6bd6347d3d8f9b334594f908b9803444b2271dd6a5e860624fbb4c2c3fe9e03fa1f454bfcfc2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
Filesize
242B

MD5
9460fac139d70b2cae083d1fe04d68f7

SHA1
2c3285f3af76a6c876d4a0426851722e50a54deb

SHA256
5ad138af5a772e70c8582bc1de20a0cb96c8ee0a9a584d738733ef91f6ffdcdd

SHA512
788b9633f37c733411b664f8a29317d8dc7dfcb7ea8ace9cc16bc3c0a66b517ddd8f872efffa789036131d98ff36ca3374c2eb19b1b319b2ee36188cd045cf74

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1B9C.tmp
Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1BB1.tmp
Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit