83bae8dc1c938c3423c6b8ace82d274585433ba8a3e00a74123bdbdad4689572

Analysis

max time kernel
149s
max time network
153s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 01:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

69448f87f3d9706a62ec6bb42d7426b1_JaffaCakes118.html
Size

141KB
MD5

69448f87f3d9706a62ec6bb42d7426b1
SHA1

3b3127a4578e29726ee432b184611f4228722f5a
SHA256

83bae8dc1c938c3423c6b8ace82d274585433ba8a3e00a74123bdbdad4689572
SHA512

93e8ed07537b117dd999e016f02205e8f08e324303a2e35f3a76e3d261b2d31ed6dd0c58bd1ce812a7b803d15d3243f123b618caf6b346cc6e713aac97228995
SSDEEP

3072:SzAQ3QYbx7dyfkMY+BES09JXAnyrZalI+YQ:SzAOx7osMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B51D4E61-18A2-11EF-9DC0-D20227E6D795} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422589125"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

2832 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2832 iexplore.exe
2832 iexplore.exe
2912 IEXPLORE.EXE
2912 IEXPLORE.EXE
2912 IEXPLORE.EXE
2912 IEXPLORE.EXE

pid	process
2832	iexplore.exe

pid	process
2832	iexplore.exe
2832	iexplore.exe
2912	IEXPLORE.EXE
2912	IEXPLORE.EXE
2912	IEXPLORE.EXE
2912	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 2832 wrote to memory of 2912	2832	iexplore.exe	IEXPLORE.EXE
PID 2832 wrote to memory of 2912	2832	iexplore.exe	IEXPLORE.EXE
PID 2832 wrote to memory of 2912	2832	iexplore.exe	IEXPLORE.EXE
PID 2832 wrote to memory of 2912	2832	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\69448f87f3d9706a62ec6bb42d7426b1_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2832

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2832 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2912

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
f4f2127f090d507f94ec0bc9b11ffb3e

SHA1
c34a69c5225aaf414256df72194f7d8c5ba10218

SHA256
1bfa401b550be39458e4b41cb0c7ce96c76771dd69f2f9c42c0da973f3224695

SHA512
aea1ffe96f4e974fcd5a7a03ffb306a7fea5e5fb9d2becf60739f795bbc894451e9b9b83f87cf56039c242b159997a935f16388535b4a1a08bd7fc238857aadd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
4bf918f4053697b7ffbca2ad9910d54e

SHA1
7d3e0c45f55ddfb33b3d278e16c32f01026444c7

SHA256
1b5c0ebaaf09bb0dcf7ec1323d93c9ec167e47782cddf9fa5e33e03646b9f29d

SHA512
ccdba1581166e7d51d7ca7327d471c6df41c49868b24a5aca84eb099b6096066336b02b76157f3ec55a72cc8fa3fd4f643db73be793907cfd02a83008c1aa8f9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
41ecfe8bdcf703156da51ead401411f0

SHA1
ed2248870ff7f0dc20cbb7ad3749b47a499db62f

SHA256
2ea4510e54d6e787f979d1b725b2974a70a7f288825feb28f484167db2582a3b

SHA512
935138715cc40a6e6c241fb072475925c308df9e6fb94dd76ff49d71d323ccca1abf2d3b7470e53c61bfeded6b58436375c323827ceb1fd6c058b7e597bd5bc2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
0d68d8531760725d80d8fcc82e803ad5

SHA1
383ad5a8739faed998e8b77d59fa245cb51dff80

SHA256
f03c87c1deac5985162c3429705d0d4b326dc5068b507c4a46af0236ff3b9f53

SHA512
8906c4dbdaf441386426c0d0b6b88865002992551b3356b3b86e96b3704e877870a3c35f9dde41dc0c419bfda973c2a87ed493a4872f6e9307818f66bbb4cf47

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
1148fa898254a5643f557c1dd689cd2c

SHA1
01cfecee04e2fb61716eb9b6ba9b761540026c25

SHA256
73deffd82bcdef656893fc435d45e30bab9d54891025ee7c0e4d97bcbc1a4201

SHA512
43333236ded34757f67984fb61750c1e7727d68be437c0599cfe41fd13c5620aa0f05898f28a47d2f2cfac35c2631ee529f59e112d9031628fc78746ef75b8ba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
e15c3ff65cbc1990a0a3c33cbb538160

SHA1
57d7d3d4e31f9e54bb0ac307aea82c54a3db581a

SHA256
90befc63083e80119582f22f8973206bfb04f0b763512d09d8b9499ee4fb3751

SHA512
c4fbe50e9d963b7af0a2d6b4d51978d706edbd760c54273fcc7c1a776064bd5a969ac283bc60250a4be899862208a8d3ded0900b0d9b34a618149510ca3bbfec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
81be418cadf98b94cadd5d68accc6dd1

SHA1
1280f93d51c5871c3381d4407c8de0889f027b3c

SHA256
d0d3db12ebaef11eb72a889c5fae276803e029892605234990255c3b29bf2a17

SHA512
86f5b8ed2ef731eaaef2cdd2e09cb7d19fa1758b29727ee159bca65841904f3e53fd222bd6721917ff2bbe89ab32ad98a0b6a70b7541d2c94f99b5da7581458a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
e2e0687ad60b2ffba9c3d9bd8826f8ea

SHA1
87af9115f9d04935ba0e8fa735b92d21a94233b9

SHA256
29d2a1ae85cc349f8ab5688665d2695c905c4b6c9e3f769fbcffddba01472395

SHA512
797ea372a2093dba4da94078312482c5da239d44a1553dddf26996241532e833a1c8286a2236223e89f81867141fd587b7b8d6470786bbb9403249bf2768d75d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
dfa6dc6432e2231b8509673451924ae2

SHA1
d4804f03e8883e305e467ba83bcbc20621b02727

SHA256
fae0116c0a6cedd3a8afa64f1f327b30d6a63419273ab9238d60473998dcd041

SHA512
2fbe50106a69c4a56a60324e20f2ac996a25763ab823cde4e145f1063ec1bfb9065f6098c415590b607f688ec514e8b1a91924f76f8d40f56f396d46b3093ffd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
de9b591e42aeb21e0e582229b0d6842a

SHA1
920947e68151a3009750f25f8c7b2d0616500c48

SHA256
2de0ec6a48480ecd48e41617e3e81550f470d1eb2ba76f42f6c354890ff550bb

SHA512
9a7940f38a67a3743605a0d72256eb9afd0b33b873fb40c17c04d08609034d43451cb3002d94d03426a9aeb365d78fc8465e2dd8a5892c6ff74962f67bfd9243

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
e48975f07258e5f482012857019e0a05

SHA1
a83b3c90b92ea1ba501b939154cc0a6bde2c0617

SHA256
bbecfc86d33af7fbb18bf5b51186a948f8914e8d9f1dcd996b9fbe70f59caf00

SHA512
8585a8988b72d70e68ca77824cf6c34b333719dc2ec60342e4a081719f71feca98cd024d0c7381f5f1ff83865e7a822c786aa541544665e83b4ebd9c1a8cb758

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
7d14a976b4a24813f79e13d660196a7e

SHA1
9e45433b041cd697aa7eaacfc9e4eb4a07937301

SHA256
70153093d11fd7bb3fb2d4ae7952d7f7def11f51ef9487c2b3c84e7f0957ca24

SHA512
ee7362b4de06e2ccb525dcad610abce01491c2024001f9e956f14081daf0af662cd2c5b3bb1bc741cec6a3f80f2a43938c99e00171d3e76e0b9c93003e202f2e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
0dc65eca2524a5f936a3fefbc505463c

SHA1
9f549edeeba5169b5fe45ee455dcd7522f1798cc

SHA256
7763ff92c7fdc0e58c9b159169818dcb83945a6010e347dd39a488e3b70bbba7

SHA512
f72def09f8fa99b5c64c8f7b67172af73d0a58b9c6b0f818415c73e544c68e872e7f9832bdf1086672994d43e4df64bcbce3db9330b42f361f6f18f4bf525c45

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
5c2106f183762646e28cd8b252ac8b72

SHA1
f3cea3d069a0afd76042901e9e1e6b76eddb8980

SHA256
d9228666dc6750f906be5efda4fb646c67cf8e2e84c2e8ab25b93a98237d254e

SHA512
9060ca619592894b06a4de01e81be93bbe40fa5e18c27d4261d5cc65d832b83a778cec24311787f16b09f25e6b5fba5db4cb3ee4d9f96bc89e0646a56d840915

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
c3c44c79240852bfe2ac0f36bf0cec4b

SHA1
516c087ae21d522cf044bd13cc9034f308a295f1

SHA256
cd0ecb1924fe2005237ff504370b1ad53d9568f0d917918de66e261504ccdb07

SHA512
48a9da1131084a592513e4595388651a9ccb06cfff23ff5bd7504a06c872640ccfeada861fccc905e74bf40c5a84b7f6f6a973ebfe59e357d48051699aa90f98

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
f8d5e3d2361bb471b59e68b551daf2fb

SHA1
8e7f952e41d42439802d54805b274b6cef03ac53

SHA256
b65b8192f6c0158b1829caafc1ddcf6dc706a8bb56bea45284a2a0d44f704110

SHA512
84e4ed44dfd7d386f3a8e54ffda47caea114a991c901e71ad8ec3d04cdf0a9b966ab8d2597def062b4bf0532f798e4d14de7960de2cb6c948bbd9134d6d250fc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
329975eee15c448c8bcec94c91883906

SHA1
6fe44dd1db0e17e97dbd6cfd0d8bfe1c1a36fc63

SHA256
ebad29cd9fc47a30e59e1b91b9fbaf6b054c901fa7dee50e4c4e8c52741146f6

SHA512
d625bb1982f8c445f38d6f60db3ebc3217391d193c4d1cfcbaff14aae8a3f72138ea7d92cf0f43fe5fb162fcb865019d422565933ecfb48e34a806862b4a7057

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
213cb7d01af5e6ca625ff4739699db13

SHA1
11a2c70a3d5a06e96d4a756e6dc0cd8ac5b13b9f

SHA256
02371bde4951a88f4599f5b89236f16b7bc319c541e666dd4195c4ffbe48f60c

SHA512
e0e6c81f9045ae0f1bc8a628f7b4ded70111eb1c141612c29bfcdd431ea41e7031c0c4ebac48cd3156687bab90eef1a1d759f029df4fe0446490e04105cb9993

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab3748.tmp
Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3829.tmp
Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit