524cc64b5a1f850e2a19075de8c3a637c338cd3c711005680628b91181dec17d

Analysis

max time kernel
140s
max time network
141s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 03:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

65e5e243e92ea80dc49a85a8b22b5382_JaffaCakes118.html
Size

2KB
MD5

65e5e243e92ea80dc49a85a8b22b5382
SHA1

f775ab98be442f67163989ab67d6e51dd6e7a901
SHA256

524cc64b5a1f850e2a19075de8c3a637c338cd3c711005680628b91181dec17d
SHA512

3e7295e3efe24c9960f021142b63c58b3a26921eba9065969d81fb80d924fbf66bbd41c7de2405ab96dcb5f797af4d2330d199004bb076b53e5843fb18d4ba1e

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{EDA014D1-17ED-11EF-A68A-46FC6C3D459E} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422511481"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

2188 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2188 iexplore.exe
2188 iexplore.exe
2820 IEXPLORE.EXE
2820 IEXPLORE.EXE
2820 IEXPLORE.EXE
2820 IEXPLORE.EXE

pid	process
2188	iexplore.exe

pid	process
2188	iexplore.exe
2188	iexplore.exe
2820	IEXPLORE.EXE
2820	IEXPLORE.EXE
2820	IEXPLORE.EXE
2820	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 2188 wrote to memory of 2820	2188	iexplore.exe	IEXPLORE.EXE
PID 2188 wrote to memory of 2820	2188	iexplore.exe	IEXPLORE.EXE
PID 2188 wrote to memory of 2820	2188	iexplore.exe	IEXPLORE.EXE
PID 2188 wrote to memory of 2820	2188	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\65e5e243e92ea80dc49a85a8b22b5382_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2188

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2188 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2820

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
0a8adc7c14759ed193e9ace8b612738c

SHA1
bfe8306ff781a632917d54d7f34b8cab8d4b26a1

SHA256
97e9a4b6e62ca7fd8a449591cdd77d6e20e1df84768b2c93fa9e68c1c3576f6b

SHA512
2ceaf29c674f1c7bf8086692d292bf0d15385f4380e5526885a832273147f9ae660e60c019731dbacd35f27831704838b9dfdfc9c118d635ce0737295bc593bb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ca0182e3c484cdf5c0ae730d5adb0492

SHA1
f29a911c8d9927b7198f411a9373cc42c5d93379

SHA256
f019a2b11dceb76351a6840a23a7d3d3c53e44d828d1a9209ff5a204af01c0b4

SHA512
2d0a48108bb6205ae8eaf064cd31e2c497b82c2fd0c704a1f19b91bd2ea0490f0479ba7eaaf52e7e729245ddacf116a4e58d9901caae0750e737fb15c16c8753

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
be69f429aeef6c09aa2a200807b74f76

SHA1
92355b63f25c811e48d18bbb481886572ef9bc6f

SHA256
664ead33c301bdf0ef5e1f6874ddbdbeb2956e1908d3d7a58696bf0093860d9f

SHA512
448a2acccad82a2fdd3b5ae718f1283e56abe8deef03f5bdb356096cc04e4137bdf32c09a75ac27de54e3a7c3f19ef5b17c6bc2b0a13eaf297f760cccfc3aaa4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
91b7f220d4c1bca9e7e88f2389ffe79e

SHA1
eb38e625323ba934b9c8974a6f0662ce0fdcfb02

SHA256
65e710c4ddae3a8887cacef780028b0d970e219042d5526840241bd221c28b83

SHA512
e30cd9565404c42f92444c7211962d99ca51a90e6bab01cd449efd813ad77ce6fd9fa758e3fc41fde32c2e09793a713dd8b2bc8f3051d6008b253959b769b814

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
24a2e0b57b986827f2b3bf4835f58d77

SHA1
e593697c09c2726d50017dedfaf2c663ae0e2d15

SHA256
b67d0686a0a48e4d7eb85e6f3befaf0dd43d4cfc797207addfb9571596c86102

SHA512
0fe057cc6b37c82ef804212aa2ae11c1a06dec407eb045fa375601fb1c242eaa0bf72602df5ba10310649e781e6f37824c975a679e3243edf0c4696471486cc8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
858b8554ce8f29dbd7a9be5f9bfc3f90

SHA1
d8243d6a3ce7df43eeb0b34927f222fa53bd0631

SHA256
57e28e65248239ed59e34d3c42bfe518a203598fa900f22914cc33bd99c99c4c

SHA512
5e16ce40848ba05f1b325333818d6ae8b2e87d1046042ba5c01076751e1ab4fba562be1e17e370a61d282de38c603745525c028203a41cc96d159fc9ba285a55

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cab341a0f206a366b21a590d861b89f3

SHA1
d0e410af54a601779b97c861bcb028cae0ebbc37

SHA256
7d17b7ec41591d89e13af3d75b7e5b61dfb4a5a9177ef46a8c2eb3b7d603a6bc

SHA512
44b25e44029db6b6c9bb8eb91f47a1a687b0f863fd67ed64f527c1e968dfb5fd9bdbe5cdb1df2207cc13ee25c464cfee7b5a74c0c7e5733f5b0b061a450a10d6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f165818f7c5f6f536e203a7c041df158

SHA1
1246560d737e2b5df98872309775d306a0b4500c

SHA256
73e12a64fba419bd2f0309582899924f88ae37d78de023d4c8ab1916fe909e8a

SHA512
df6a782a20683d7a861c7cda38795783da57d5e2c0e7b9cff0c82e2be4b0317d1e0aa03cf3e8a427ff3b1e99c782a8ac3ffb8cc23e7fbddbb6cae68f7e2a4c20

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
37f1fc9918f649f9b161c169780fca3b

SHA1
d7094b0e7cdbae389fe9c931c9d6557d2198face

SHA256
e3cdc1c560d878ba5447388eee385124cf2a9a6dd82a3ce2e53520bb24b8f891

SHA512
1ed13d4fd8b505ac92a8217d9058358ccfae5d844c205567dd0dd77ee3efc8cf0c23436864cf8dc51a116c6d0b512b187c79c602e8aec4546671e3aa8f651ce4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6038a7a949d70d587f1d0de8b9348796

SHA1
4d4cbc506750f7030b662c58ce399d647b645609

SHA256
d4fe8eb1b68bb9b1710c5355cc274a305183757acc2a204bcb627f4ea86d4b83

SHA512
f34e275b21dd374cb51f49b08f129a567c401d7d0db38fb4e0d5c43f073b6d8f3aa526600e7fb3f30dc73ae9906a4810ec2c895fdc1d44ceb4a36579086979cd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
25e1d4c07beb5609c51eb5ae3cdcecb6

SHA1
a6f2148c21b3d1be58b1b91826b6646835619670

SHA256
f4dff2bbb746c4c029891b75ba264ab588e205a91a6b74cabf09b1aec0a95e86

SHA512
541fe651f0f3cc00a3af246a05202201b2ff170bdb739e7098b3d6765f9ba23a961d95ddd104564f8b53ee5e8e56845341af54a542e80d76f222cb112771d19e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar104B.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit