fb515ef8291a74e6c23dfed32ee36cb09c623f8915c5bd332e5c2ee7c7116a04

Analysis

max time kernel
150s
max time network
144s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 20:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

68717a9a97474c6a1473a272d2b5bd0d_JaffaCakes118.html
Size

35KB
MD5

68717a9a97474c6a1473a272d2b5bd0d
SHA1

620defe940ebbc0bcaa3a14844df9edfb26e6737
SHA256

fb515ef8291a74e6c23dfed32ee36cb09c623f8915c5bd332e5c2ee7c7116a04
SHA512

1002defa6c6f97ad197997651c9d595f7fee76d0a1afc05fbc5b02f4c04b4de98fee68da2b7db64ab926aeb26a0cb602c913e6e024bf7af4fcb101f311113e33
SSDEEP

768:XaRblqAYT154JUxCzQKL02iCXlJdoEoUA2MIrsTUEmfcbaKS2tVYtdW:XaRblqNT154JUxCzQKL0nWXoEoUAesTt

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2BE90DE1-1876-11EF-91AC-F2A35BA0AE8D} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422569997"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d1000000000200000000001066000000010000200000001bc868501297befb2aece1437c742354d2add2340f6f59d4a08c1e20cec2bba7000000000e8000000002000020000000941d3d9afe1b41f456eed8ddd6821d2795f300a0f49196dfa6ad33dd6d0842d190000000a71a21dd76d9f16748d81960c03df01003f23b5ae0211e1ba773f5f0d3a2ddc4bd41f6580c7aa618af064604ea7516992a62672f59a3b23f32159419ef6a1e41d38de5338f3322d5300ca18c9df9bd88b5d7ada34b76213b7e657f93c2553d991a8af53d6ce58d051e361e3cc752c74dc30979295d700c006de50c55ce7bf144d7212fa7d540b8c4330117231782b91a400000005fcc09c44eb2b5d9c62f0683076cad4404e8f8439916b2d328d100f1b0867d5c1dcb7ccd660ac6b0232a2e1ee6f457b564a951a3e720b34919b2ab491be03ad3	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d100000000020000000000106600000001000020000000bf725e42ec357bdce3297fb138856972bfe54452349666781981bc020afff527000000000e8000000002000020000000305571d77c134309f3fe68b3b2eef4974c9b947790b384e4275812e44f32f31e20000000ff66154f54c1a01fb9a543637d10d7c87c38208e7d8725faa1b2e6813849a77c400000001d5327366ddc9384b22d9faa564a64d070d3b8f685813c8e88b09b3a33d904b4f8a976b414ae50eb3e789f6cd87c44c23fb60decfee26947239e45bedf83ee1d	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60ff4b3483acda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

2844 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2844 iexplore.exe
2844 iexplore.exe
2600 IEXPLORE.EXE
2600 IEXPLORE.EXE
2600 IEXPLORE.EXE
2600 IEXPLORE.EXE

pid	process
2844	iexplore.exe

pid	process
2844	iexplore.exe
2844	iexplore.exe
2600	IEXPLORE.EXE
2600	IEXPLORE.EXE
2600	IEXPLORE.EXE
2600	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 2844 wrote to memory of 2600	2844	iexplore.exe	IEXPLORE.EXE
PID 2844 wrote to memory of 2600	2844	iexplore.exe	IEXPLORE.EXE
PID 2844 wrote to memory of 2600	2844	iexplore.exe	IEXPLORE.EXE
PID 2844 wrote to memory of 2600	2844	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\68717a9a97474c6a1473a272d2b5bd0d_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2844

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2844 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2600

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\30D802E0E248FEE17AAF4A62594CC75A
Filesize
1KB

MD5
adab5c4df031fb9299f71ada7e18f613

SHA1
33e4e80807204c2b6182a3a14b591acd25b5f0db

SHA256
7fa4ff68ec04a99d7528d5085f94907f4d1dd1c5381bacdc832ed5c960214676

SHA512
983b974e459a46eb7a3c8850ec90cc16d3b6d4a1505a5bcdd710c236baf5aadc58424b192e34a147732e9d436c9fc04d896d8a7700ff349252a57514f588c6a1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\30D802E0E248FEE17AAF4A62594CC75A
Filesize
338B

MD5
88afcc2338b77c345d2dfc3135b7b2b3

SHA1
08ffae01a34081046f235c4c13fbc1f317f6e80e

SHA256
698d4f308ce6e6e6914a70507abd765d4ae0013dffce71cc013db8ca987fc585

SHA512
4adbe549b65ce7d2d1ac94f8b73ead71c37cba5f3a6b35ed0dfb57652e1fc0feb2254f0c53b7400618c82ee0e8674915dc04d6134acf136ed35da45a68a1235b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
68eef7b623c9389864627cd51b53c465

SHA1
9b557ff52007164d6c6c8320cb826c2a58b6ff60

SHA256
ec580e159ba716d78c8d88c035a1ea56d92e74acb5285828f79249e0adacda1e

SHA512
dc3e10d4b114754186aeb4b31b587a2e626fe2664967dc637628a76617592cbe2deb6831b4754473d3f3c228a96a58da26448803cfaab656da5f612fe8752dfc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
7a915472591465826ab6f60e1f51186e

SHA1
2498d83ff5b1f340d6612186e923e80e78074970

SHA256
a1ff1b2642b0723e6c3953234a9218a064ebfe6c94ec82d018d3f828a1293ee5

SHA512
929db3d62523a0778b5ea0874546cea4e78cd8a919c2c6c5895b8474becf43ff3f31653129bcc0df3a5c337e9c0d6803abd8b431858bae5f764a44fe54c526da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
e813e11f140eb495cfac93b9fd81d8d9

SHA1
95dbda3b3f89e14c2e815cbba9f455f487b38c82

SHA256
8b69f8128511030ca56782b3d218fb391f1676ea2982708a49438d49ad9279b1

SHA512
ed3ec7eb7f1edcf68fa5fd5ae58d6b2111ec907c671377e2e2eb397cf120fb490fee6d026524ed1136a90a42c4739c511275b87f0ee985fb7de4e4604d0f5cc0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
1cef3ee297e70dd23148d43b4a87a1c9

SHA1
8862b380b45a5970653d34da0873326f16e9ac8f

SHA256
6b9b3acfe75b3fb8748d8c69b02701638ce2b1fd0b84a0dd982a7e8aafe86d3d

SHA512
58b6ded2c25d6f396860b602f68fe480c60b40d734d7a8b981bf0b29aaeacae8f6823480bf263eb8acbeeda968467cf64e1a99ec26050b35d6bd69fbe5faf38c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
d02a535e98921abe3184515cc019460c

SHA1
9d644e2ff4f1ec37724caa5a7782a77284eb09b8

SHA256
8ff0918cfadbb5cafe0e9f23654a4c4f0ab5b2e6deda6f2a32db2f8c56c3a3aa

SHA512
d00096e446d94cdd35085cc425289c8f563ba4269ec1d8cbcfc9197e6b136f97c40f20f914c0fcca6b8cba87864f882bd00d0f913aca61ab7e99c1f6a1b5210d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
9c87e7ccdd3da845b501cab43b844159

SHA1
63db7b36bc115341799a5321031585f60305ef3f

SHA256
cc082d2bf8626a61afd05af7f7523ef2f51f71bd6f20bb40e6a43057233ca317

SHA512
d3a7e86fe2711fcc8afab37019c7d89104fd03c560d7931fa1bdbc2cf9c96cb1f886deaeb702845b4784828e18c644a8ba8802f75a9ca7f5c1265900b9bd8257

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
336f991a213e1000d65a84fcb62293fc

SHA1
6958751e34ea9522f9cb3ee8694eb72873a3989e

SHA256
5912a2f0a18bc5cbd4fba5871319d4e432c16217eda36037dc0bd9868f12791a

SHA512
434fda9dd79faf14302f91a510e3721fbab99387e36cbeb8db0047567df2522d705b6e1e131b88331ee994d7e36e9d803d54c8e20b155ddb9e45a30cb66df141

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
1a33c86cf7fec32731e512951bd7a451

SHA1
00886eb5f5dcee94dfb9169a3f1da7a0adb6070b

SHA256
5e4f9a1759e091c73f2d3df2d737e9d815e70aa42ca30a75d94d697663c0b13d

SHA512
13bdc6941916867412c1f2e4f00205bfcf86afd022e8affee93337ed03ed29eb93814afc4bca66391221cf6a764b3857993258526fe813eabf3da0545f86bb9d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
61ab40f377b2756684202829c8b5b3df

SHA1
45263c71780008bcc52fa3435bb9061bb51935ac

SHA256
9c51550c2d181334e906bd42ccf77ce53ff232da9cd1e2e537a901f95474a56a

SHA512
9bfbd160b279a7230b44f01599d6460cdd13d7430a4cbbf3bad81af863acd85b62a696c9a64156eabfb323df723d6e334693ab5614fb9c24db713b1e5d0c2c14

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
b840a76cb3e1ce7158e014d48a385029

SHA1
3fe71db146947cff04e4a510f5e63a26ce4a39b6

SHA256
6f4b9d99739855cc325e8d1cacb648e222664b6a19dfba038541ab4517c9faeb

SHA512
48bd35642d20a061c4712d8ebf703ea2401f36ce963a8e8caa7d94d77ea89bc8b461c8df0dea1a047a2827a42dc72ccbc182561e10fc5c588429dbd6bca39a7d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
77be08d9189d28a630e831e3cef24854

SHA1
efcf1344c8c4b3c4de999212f545ec3ea721eb14

SHA256
c8f8faeaf22dfe8201d02f049d47474430bbc4aea6cc549eb2e909053eb68fe1

SHA512
65acd1ef1709cd37201f8ab07b33c93c315a0ee6c2f70d54b5bdbf81b1a6bea4b7225da362a398cedb832d24ae8504f20c877958dc44fe7dc8d97bb940be0d83

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
280408eaf9f1918b9c3f910d0b253a47

SHA1
e35590ac1c9ed3de2a951d557937b0a5beffec17

SHA256
af143016c902e939e0c686dca7934bc7a84a28e7434b0794752fbaf465b811da

SHA512
b45890842ccde4f51aa5b9518cdd4ca5f1e6455c9d48ca766068ab631f32c5b8ffa3303a684eee7318444719a24be72f445e1b9d7baccce0fdf49e4b5d07bccf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
94f2896dee7c0ac56d258e5a23028fd4

SHA1
273cbbb3a063cd12f7cf4616c525062a8fcffc4d

SHA256
a159717885b3cad7322267a2c34eb69633ceb9a53ccef41f678fb92fefa6050f

SHA512
e83387e25f3a74553bea3c7204d3f924da24590bf3efa22b61a78d9a195b427a46f21b7e96638fe1a690517e5dd8cc055b1d424e84f4d4da2cc57a96de8672d4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
af5e11d4df15f6dce030ca30c6062be8

SHA1
32f019db6d908c09361ab2b13b9dde45b8344589

SHA256
fab356f2c16bb76251aadb20174905f0b29393178267eb2dc4055cec14ec4248

SHA512
9ded66700294ebb2d951acb33e34f12db4ee01a2c3445aef4ee493a91eac7e297d79f791b012bd9d791f9a95b3dc9595b9e9be799be4142f39fe65796bcacf06

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1B5F.tmp
Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1BCF.tmp
Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit