7a50b0c306431a41e47fb03a1847a1bef231e6d253ed917600323f55cad60764

Analysis

max time kernel
134s
max time network
128s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 03:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

65d7d38a9a3b4a8edfa6a81c63141a29_JaffaCakes118.html
Size

59KB
MD5

65d7d38a9a3b4a8edfa6a81c63141a29
SHA1

4b92090c8ba416713ca22e78688d53c36231a8c1
SHA256

7a50b0c306431a41e47fb03a1847a1bef231e6d253ed917600323f55cad60764
SHA512

9a4692941e034460e745267df962da25201d00c1737535920008df9559bdae2f4a1c4638d03adf844e6b9f296eb5d71badc869be22062831ae482a615166db35
SSDEEP

1536:SToW2mvb26qRalVB/SUUqzo7VdjxUvYu0:SToXmZA4VB/Aqzo7VdjK0

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d164c42fea718d4cb8f6207b2f85151100000000020000000000106600000001000020000000b04cc8ca08247e43470e1101ac5323f07a581ba93f76aa68ad885440d261d1a8000000000e80000000020000200000005200bdec1475fb437a63d56ded49c204ef330c6a339aba970202045d18363ba620000000315694869ebd4741618b5e5bed4878d5c61aa84895e791d3607b65ea734ae37d40000000f5373ee62082732841e79fc28e1cab02702da762c0c39e63d0c5480e6ac6000876fff160d2d52ec62d7e17ffd22c98ce5fa706bf8f3f34549968b6171e42952a	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{DF9F5CE1-17EA-11EF-825B-FA5112F1BCBF} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422510169"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b0a722b5f7abda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d164c42fea718d4cb8f6207b2f8515110000000002000000000010660000000100002000000098e246a0a2b2f35ec90ffd933c52366215781f03a6a7b05cf50a78f070384226000000000e80000000020000200000005dc56585bd91808f02abb828742914a25cd216c122dc72d1720eb483f606f8f990000000384dde56ccb394ba53b178b5c086a8bf845885b11ea2a25df92cc0ceb64c360f6db5ebeb3e18de1ed7a58a44878d0125fcc65efa1340635b8601b6653e5bff919e935d53c43f2f92c47a8bbed8fc6a03a1815d5389b71fea4cf95312e43b52eb59d59bb7b80450e019d050f83e39d54e4888c72c2fa4c72d8d4695f00ac76b20ba0c6ab288d32785c9fc0484434f262c40000000391922f049fe8262c3fc6cad39174dd579a421fc8c0c5877985b796bb41e24832c881b646cdd0bf968d2f867f4d329f77389f80d7fb14aa86fbb555762da74c1	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

2728 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2728 iexplore.exe
2728 iexplore.exe
1636 IEXPLORE.EXE
1636 IEXPLORE.EXE
1636 IEXPLORE.EXE
1636 IEXPLORE.EXE

pid	process
2728	iexplore.exe

pid	process
2728	iexplore.exe
2728	iexplore.exe
1636	IEXPLORE.EXE
1636	IEXPLORE.EXE
1636	IEXPLORE.EXE
1636	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 2728 wrote to memory of 1636	2728	iexplore.exe	IEXPLORE.EXE
PID 2728 wrote to memory of 1636	2728	iexplore.exe	IEXPLORE.EXE
PID 2728 wrote to memory of 1636	2728	iexplore.exe	IEXPLORE.EXE
PID 2728 wrote to memory of 1636	2728	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\65d7d38a9a3b4a8edfa6a81c63141a29_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2728

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2728 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1636

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
Filesize
252B

MD5
8495307634a65c767531289e6280e68c

SHA1
bc46aacbc95e3aa5501a31d457615887563cf352

SHA256
d8c9e6f930089ce174eb23ac92fe641ba3b9eb0b36c0e21c7ac63c3cdb6e1b66

SHA512
7d1106617fc49adba9cc477e472a04892cd6faa25ffb6dce77cbbad73d6bc04a355b3d41620d60782eb91824f84e9d03a297d440b993994510e01fd5481f5186

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
f0945027f9f527f6309c81f58db61fb8

SHA1
6d1f8f02a9f8382f8b39cf2880de311ecb5a1d50

SHA256
caa548b725d630754bf997e9164e022612cf691f2f1036ea1aa07c459a75cfc7

SHA512
c9b8abfbc053f410bd5ab38312a545c1cb651dee582f92e160a7c174826798b547587a6add840cea6bba5d594c4dc2461a60cba935a9b77e61d5fd7918cf9c64

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
dba05677dd850e3f5cfd6b73028f3c64

SHA1
bf355ae756d760d0fd0be54d7d21094944388473

SHA256
3a790678b781ae64ab64bb6f28958b40a707e5bcb9163be70d21a093f9eec960

SHA512
ca7231de88d26f57e972d8e09f4dd981ba57c50b1cfeabc693c2b68650f0bdf50562916ea39aa20793ef3594449f58463ea2bf72c55ecf63ff85e70d3b3edefb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
1b087dcfa962549506a6d3af40b0287c

SHA1
dac9a8b00ca5c618456cd6fcbb2b7fdb1bb346a4

SHA256
74d5cacde379396a15c705de3cb218950730a5f1d223495b898cf295b523ec33

SHA512
82abbddf2359316399a4429c47038634d433f2fc2ad342bff2f9c682ffad4396826555e81c90537d64058a9e92e3e1d28db848d7be2805bda837c84d7d6f3d05

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
50dade169a559cc6ed14514e11605c32

SHA1
a613535a24d953a81c3ed41350f50926987c6646

SHA256
0e085b83a22ab74c8207fef16a751408c647c1516819cd6857024962039e1af6

SHA512
82f06588a9a51e0321d361f590eb39026e848515a5121b5dd8e4689cbb1b58bc23ed457c8cb766a1bb9d8149cba6f940271b5ccb1f2103ddd46522930d0b07c0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
39ff210d448d4263665b7f6699c00e79

SHA1
462c45a94850855743acdc04543e4c6ee623effc

SHA256
f26b738add6eb704b01f611e1ca81b34c681aa23e2257385f6d633396055c95d

SHA512
dba796d7ce9778b33ab8dd8bd5306156917f1260c874b41f222871e291563566cde3e3580da293ef1cbd97d0cb4bb70224cb3b2fd4aa7688a7a6bd4c3a9c652c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
31b9ae90da478c071395bad1794f9c33

SHA1
29c905ebd2359987d4542284a1e36bf1c3a86d2e

SHA256
357ee8968afc0150de3d99592e4a10032cd8edf84744b905936baaa2c8bdf4e2

SHA512
514f2e6e19e790d0f799290c753918cfb3c91284d838cd98e161afa0f85f67e2914157e05b809c00ce237cb301eff538a5844f1b1029a9c33206ffc695b6e861

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
c6c0a9f9ea06c597502a3772ef08fa37

SHA1
26bd76ce7293dacefb74dfd909303f33ec1b3e55

SHA256
6574be2b7e5b901c6d06b27758e5f949e01bece07a832656ee73f7718c862273

SHA512
fecba75a88eb06c340fc16e564aa8807210d5ba907b1ff686bcf73a6f205cf686b233cf15e1f6effb408779a9e2523d7ed238ce9cc04f2be513cf7c08ed3a16f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
f776064226fb9fa19c553e4b685067b7

SHA1
59123e5a5ebc60930d3d8546c301d4f994cc7805

SHA256
20f558060dfce3d84d251f3ac9608fe111a16a8bac85e59915ccc0eac40f6339

SHA512
39a84d19e33af931720bbb717fbbad052ea1aa94392ae059127288c57370fdb75a0e297ca7c324b1976dee00e78532b062ba9e6af95b94832ad524c40317c64d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
4b1138c1b9d7dd6b436f8e4415cbfdf1

SHA1
5fa21dc9708273f2ceecf5acc66fd61a234a6a15

SHA256
4cba233d5ea28be234a4f5d2e7325e71335b0defc5c50ab6a60fc00d52b9b2fe

SHA512
620b1e48cb629419335ef45e3124c16e29976158fa65dd97cd7ab1cbef91bfa20377ce02987e249250227302383598aa7d592c0ab8c433bda6d536f51275daf6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
Filesize
242B

MD5
1192254c9a9d84a6fa2eaf44ade44d85

SHA1
672c1b1a7678413d4922f4237533a07361757aea

SHA256
0669c9d42f5831c5f45fffc58c1740ef9eeba9d1db5bfe121251f0ac8b7f0802

SHA512
cb5205c5fde9418afb509c01d58850e43c7a6994ba9b1b586ad2b2681b0c14ae7cca0cfde84403fdea5f6828909333dac4bb74f2b592886509cfe51997ceb200

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab4B05.tmp
Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar4C92.tmp
Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit