e9b4d977bbaa8d8802f7206756e1566eb3ec4af24a7027eb68250a5507e75ae8

Analysis

max time kernel
148s
max time network
149s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 00:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

691a042b5acd6c4ea4cff69eb491843e_JaffaCakes118.html
Size

220KB
MD5

691a042b5acd6c4ea4cff69eb491843e
SHA1

a364eac94c7481bc6c37f404d91e48366f9a4673
SHA256

e9b4d977bbaa8d8802f7206756e1566eb3ec4af24a7027eb68250a5507e75ae8
SHA512

b321f39259b4d6bc85509c438a5b7c0c824bd72646842af11fdc03a5ca195bc0a46d5a1ee8fb92e6c148961b423b316fc01af7d3f9894b0cb1eb0e4922626f1f
SSDEEP

3072:SxZzGEMz72ZzF1RyfkMY+BES09JXAnyrZalI+YQ:SxXMiTUsMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 37 IoCs

adware spyware

Modify Registry

T1112

Processes:

IEXPLORE.EXEiexplore.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3F4F9611-1899-11EF-B9A1-EE87AAC3DDB6} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422585062"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

2232 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2232 iexplore.exe
2232 iexplore.exe
3004 IEXPLORE.EXE
3004 IEXPLORE.EXE
3004 IEXPLORE.EXE
3004 IEXPLORE.EXE

pid	process
2232	iexplore.exe

pid	process
2232	iexplore.exe
2232	iexplore.exe
3004	IEXPLORE.EXE
3004	IEXPLORE.EXE
3004	IEXPLORE.EXE
3004	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 2232 wrote to memory of 3004	2232	iexplore.exe	IEXPLORE.EXE
PID 2232 wrote to memory of 3004	2232	iexplore.exe	IEXPLORE.EXE
PID 2232 wrote to memory of 3004	2232	iexplore.exe	IEXPLORE.EXE
PID 2232 wrote to memory of 3004	2232	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\691a042b5acd6c4ea4cff69eb491843e_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2232

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2232 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:3004

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
Filesize
252B

MD5
151c7c58b999483a10188e3ab8907b5c

SHA1
c4111f6771149312bf8b2585491267b15a7420de

SHA256
f0f8e1f0a6c96842579d9afe21eceaade63fcf5f424bce071a4e79c43b473544

SHA512
04ca2e464b79b5d1f1cce30dfeb6ab19ffc0a33549e4b8d0eb81df17dabc5bd4022864657f23d3d2116ec7490cf16d2fda5ee86d94ab95f4db4c0d7d1e897d30

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
019427871f203818b7ceaa27d92f68b2

SHA1
bd440edc9997831a60a3551a7a386d5845b96254

SHA256
1bc98842bf7827999515ae273066097728c894512b9c7e5068ed23dd42c1f629

SHA512
f02f6d99aa53c3200ea5dfa6c6d42a2fafb380f9edc4819c12f144f7f0c480d382041b03228ab94ae8e1e2ab7e8e4949a6bdaa17a11d45a99629a864c92fa379

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
304a0022d64e0d587563697c3ba681e6

SHA1
42d345c9ae0b38df92cfb69601accf80621acde7

SHA256
99299e72be34f954d6dd29bd851dcd36ad65b01b0228baafcf836fe59dbbad21

SHA512
7af42ecc1bcb8ed89c0749948df13e36e56d81c5c1b14fa45d6344a20fb9e0827aadf8a6b9a1fc0fa394f781cc448c2fb49af3c0fdef5409171b70af71d88e68

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
2a108995c26c3c7f1fec6fb19a78c6c7

SHA1
07783d91da3b246f8294449f970c5086e80c49b4

SHA256
b19e33a4a68727807aecd1a98392ca20e22d4db94b5886448a344745215453dd

SHA512
22128d451904350ceb946400fc64eca236a6ebb4259e9740c5b1fdebc807fe5168d901e31bc7515c0fec89aa2dd2342e807b37d83ddf1f127b9cacf96d2799b1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
66cd27a0865b2a31aaa4b5a89b1961ed

SHA1
02697f66bf0343b806eeb7730779b0faaa600f04

SHA256
574fe6ede8fc676d27536816c34595405662db7710f97230a85b0d5e26f482bd

SHA512
2e762c2008b64852d3880c0b2101ddc00c6f7bfd466d3bcb335ee930dca5b1a491773283edbf7a2b703486cd674b30728046a666801c53dc46ed4c2fa8eb7865

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
c83becf15bdcf54edea9b098e79f68f9

SHA1
04fb4acfd35dacacc4f52676bec25b58b6a03153

SHA256
c4cbfdd88a0c438e49ff94394dbdde48b557fba5a964e493218de7cd444f49ac

SHA512
09d52bafe5a8897c63d2b42c8a0bfad0d44f74a8164c22ab06abd78640e4c97947a5d4e575c04555f1b5d3122968ec198292f7bb176131dd57e8cbaeb1a25cb0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
a546bd446c74e3e77da8784fadec6943

SHA1
0f99f25413ed948e7cf32c77034613c44c7c3a20

SHA256
2bf62ee9e316170621a86314ad302851af9f3c806e06747dbb3ac42511acb7cf

SHA512
62613063f718cef9fe67e2f629c526326c26dba024af7012b510ef075d96cdb3d3a75a31dbaf961f023f519b9323463795f5da11135dd78037fca446f541b3ef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
8742f81bc1460c864643de9725a4cb4c

SHA1
4c9df1bc2ada20f4bc427683b89d504aaad7d295

SHA256
1f4630f37b6da7e1a7954ba1376dd04fb4f398f86fa406c2b37618bbb41b8385

SHA512
fbe245394cb166d4a9efb313bbc10a8014ece9eaef97fad5a6155e2ed3495869aac689e95088e3b00ebc9d297ea47a9730dbebabcbb7318d52a975635a3d3c90

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
1c1b2a04ea1f53def596ac5d740a2ff8

SHA1
a0a309c54c72f4d6edc4c67cad2bb1506d92f713

SHA256
0b25afcba60b5d81f9229005ab7d537503f9827f860e0a79a353b237c3f98c93

SHA512
d528cedfc260109fdc0c90f943e7cbe0ef90240ec56b70f1aa74db4959c5613b0851e3150bc61b3f103e50ebbb2e8ce720e3930d164066579cc35f90128567be

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
0408f824a532fbf2de882130d6d24a3b

SHA1
cc8ca364709b00e09abc5e49cd347dad2e412036

SHA256
685317d6931a1d034493b291d23751c6c583b0dd420d38b319e34ba3c02bc966

SHA512
c9fa10436f08f9a7c35bfca1b55bae06e494d2878e204eb758263d8fd0acb3ebb536e452a46e0c5f7560b257b996c4a4081f7efd73261597cf48c72ced8a2f39

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
c633460370262432d8d5f2b0150d0253

SHA1
6f46c1e13edb7e690a6fee36b1b581c6994ff1b7

SHA256
970266fbdaf1df81d50c4857552489d73a22c84d8373d9c53a56a636d6cd22a2

SHA512
d23c86d506b3c100c2a42029497f23245e6ac6bd5580b23ea88419809336899bf2805d7a21db7681bf8ea8bb82a75c720e8d517689bdc6d9a7c26ade84dca1ff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
d0b08c9734d2ab3d084d135f16245456

SHA1
7aad1d0836fdc1c78e7dcdb7160fc4feb18e7bf1

SHA256
84268d027fe3948bb202c457e398d11fc53fcadef60a8a2bd55e958c580b85d6

SHA512
1ef82cddac175d035b5583a5e5a4a5a8b3e8af1dc1eb5c0c752088d76c7e684c11ac31c3195ebddbed3aebfb032cf07b234d3f6f966e21f60480a97df3c562f2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
Filesize
242B

MD5
4514f87d2e387c8a0e87db8ff3e909c0

SHA1
c8bf1ca09a4b361f44916c89b99da8e31ee23708

SHA256
d247e84f50da997436d65c7ad8994313f572663a814c0c7f436b52aca3cf6536

SHA512
75991e4862be87e28f838d9fde10a6175a8b0b89ad79c9c1a65061a3e3df40a1d32c90471dfcfd7e2dffaa9ef377ad4bc74dd02aadb37e9b29380246fc938e9b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
Filesize
4KB

MD5
da597791be3b6e732f0bc8b20e38ee62

SHA1
1125c45d285c360542027d7554a5c442288974de

SHA256
5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

SHA512
d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar11D1.tmp
Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit