096796b41e2cee1c1f5d3a96bc921880ed3324adc6b6ec4384d72cd0f1ad252b

Analysis

max time kernel
131s
max time network
135s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 02:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

69647bd5f79d8f1a8c979ce508522e27_JaffaCakes118.html
Size

252KB
MD5

69647bd5f79d8f1a8c979ce508522e27
SHA1

93889c226a9bbd443c94c48f21ca3b7c6a758589
SHA256

096796b41e2cee1c1f5d3a96bc921880ed3324adc6b6ec4384d72cd0f1ad252b
SHA512

ccfb026257de37d778f9006ba28bdb8815d3dcad0c30c73392ea2a51942266695ff0544aaeb91adfc7a8778f0d3815906574c206a5f302d254cd81d2b7d58b73
SSDEEP

1536:2ttaAdcyfSxk9QeqowZnYJY80YrpyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76Eu:2rLfStMyfkMY+BES09JXAnyrZalI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 30 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422591836"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{04598CE1-18A9-11EF-9511-66DD11CD6629} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

2008 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2008 iexplore.exe
2008 iexplore.exe
2192 IEXPLORE.EXE
2192 IEXPLORE.EXE
2192 IEXPLORE.EXE
2192 IEXPLORE.EXE

pid	process
2008	iexplore.exe

pid	process
2008	iexplore.exe
2008	iexplore.exe
2192	IEXPLORE.EXE
2192	IEXPLORE.EXE
2192	IEXPLORE.EXE
2192	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 2008 wrote to memory of 2192	2008	iexplore.exe	IEXPLORE.EXE
PID 2008 wrote to memory of 2192	2008	iexplore.exe	IEXPLORE.EXE
PID 2008 wrote to memory of 2192	2008	iexplore.exe	IEXPLORE.EXE
PID 2008 wrote to memory of 2192	2008	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\69647bd5f79d8f1a8c979ce508522e27_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2008

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2008 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2192

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fc4e4fa841cf11e811fa90bcebdacec6

SHA1
bcf7e8f33160619460e36570e5cec46f857152ef

SHA256
cc5d6cb63f27ec2a55a3d9816389a7b10c529fe8ef3c4bd2cb1044cea7b53841

SHA512
54452ce1ba0e735323a4505a4b408d5514b247b77d9d78d3223b3b7775d84448a46b35d90d4b2c3efcceae81c27017849d5851093d056eb523f6b2b1a440741a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6d371853b32bde0c48ac70cd4f0c8e47

SHA1
84c4344439d25422a1954d2a3937cc7bcad83b76

SHA256
fb7405df0858c4b29bf53f30a29083d1471e8cd3a3daeed3af45c75b8b53ffa3

SHA512
815cdb883528cec8b47f279e436de6892db3e8e4110be3aa1ddaf9b37385410bb8751447820f34f913edd99bac2ee3dd1131029e8e82f626dc541401ffc3a1c5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cb263bb7a6aad505a59cfaa13d36df3f

SHA1
1b9a30c894da390d14a77c2fc9d611836b1ffca9

SHA256
1a02c401c5aa424027782d7d2f82de44c926eb2d77efc739a97f6dfa2c2ad624

SHA512
6173c854d1fefd489945bc151ce5f44976b07e4145895fce6303924d8faf910207ef0072b1d5496232f7ea10141a1601e02497dc8a543ced992b868c1bde0392

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f2bf23047562df8be34824becd9266c3

SHA1
aba2945ce0d5f9bdb11fae2b04809cfb15f29028

SHA256
8e0466d77a82e7149caa54d4623ad249e1ddd42a02059a89bdf89309ff3f059d

SHA512
265a17ae806c2eb206bca31f036fed06d96dfd449c760c7d4687430cdcde7b7827eaadb5e6105edc27c333549db491c0f5da2f7956a4bf39e30e250edc333473

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
398cf3b7db0906a040e458750873f878

SHA1
44769176b66628b198470f126631a8ac14b9f80a

SHA256
c488fc5958a0ec50876da1675d85cd3f5b15e63e84fb48a70504836ddc7f8dbd

SHA512
c0aaa8a1c4846aa6b8f29ae41e0fb90508a673f5b165a8276b58866b24113bd37af8dc3cc09d8545d2b250339b12a353ba7d1ca97ccc7d0f77db292d78c4b3a5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6803f32da37c5349334485cdb32f0a80

SHA1
14dd089157773a520d337c5b0fb9d1902db60304

SHA256
f71a08dbb67babafe52fb956c69a0212f069aa7eb41d3453649caf1826933891

SHA512
989f685858135cc872869eab7ce23ce56564896824ada89e376415e4465b78bc04e16ee64dcf3050376f8b5e67e403d6a763ae9dfa0513d6480579a107ecd81c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7b61338c7fa5ad488e40ebf941dce534

SHA1
c10f9c72b346c4348dcf1cfed23e71d70b046663

SHA256
e8754c03a8b67cc5e493838f25004e6fdb2562f1165fcff0cf66995248790d51

SHA512
89fda02b6f0599b8ab3bedac2f7b10681686dc1eb75c84e344fbe13876df67e98edbd63af31de7bc5cf2a7caf0e08a2dbe0ec9e0fd424768d7a9f203f83680d1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4af7b7146fe3d4db46a6f9647e2308c1

SHA1
d5886df86785621d00d98de19fef604825fa1b0b

SHA256
ec76d40920b2afe785f853aceba8319bd06bac282139a25a8a7b0e4d1ef0233c

SHA512
16e2e1df53da311d3366661c889b9397d56ff8e9a7c298c84990c8e08ba02eca494487f451c07a67340fef11c49918e37dc122b8d7cfdfcf456a78ea82372a6f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
95df09524044dddfa9b3434d3a7e0381

SHA1
68b5dfb1be031d8d86fc5e086a0a7fcf5defbacc

SHA256
444913ef74af627b4b2903a1fd7186253e20e13168b88c87749127abfa1060fa

SHA512
10495c0aa0a71af7a2fdb6be879902753f72f8563d071856b1da770d016874fa13d3831031032aaea99bb0fb01528aa3678788c27503b4ff2e176f96df039f83

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a60a5396f178b25965afbfa123571906

SHA1
0a7df6455724edca140d2e8a8ccce407e309dbde

SHA256
4bdad87687f6a561e58d90c55dc5285cf13d3f0a25e31fa3a8222652dd4ad981

SHA512
d3473d784498cc0fd979643cf2cf7d499affa68d7a3cb0ce17fa744286e21f0c3e6baf5e64c899849ee673d18f33334d144d0930f75ac863d8ff8edef955edad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d0f2384208f6efadff5755665e07a9fe

SHA1
351b429b34cf0c1050c6e8d29666bbc4c1e6dfce

SHA256
223ebadb331ba193bf166bf9e28987f90231be694e66a9dee66c4e8240bfb09d

SHA512
3b1617009c37ccdcf7a1da8c8227541519f1e9a276b718aa76622099ae2503f590d8460b70690ea163480fac4070fc136c551a1ff2553f56e567045ffafcd8ca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6bf8341f7be80a9adef0408c45484c09

SHA1
5000135e15a5ccf077360a3201526afdf7d5bbda

SHA256
355241b273d07d98919d1f1ba1d4f144997dd8c15878d05af3c2cbbdb07399b7

SHA512
b7b770c263a6c45b67e7953c08ed11afd3cbcd34346c312844d1d56cd60ece9461dcb36d03ea77aaca12713ef3358d5ca32a3349c912c79199edd8b45cf01382

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a261d8f98840a9700659ef29b69e1019

SHA1
8ae4f2dd583c80fb1a5cb94c8bf5e2eb554d6095

SHA256
5dd8505ada23380683414d531d36d25943cedd65f0114c32de7e63b4f5405a9a

SHA512
ce4b7eb847c04d928cabb7c42be7987e8730401e0e41959f8345ab8ff933cc8173e0111895d3a8720782ad88fffa97b8d302d6e34212275da7463beb7d633fc0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ee2e8a0eb966320ebd6de805b78f8e37

SHA1
76962900906c0a9def1a5cd24cd1ced4bb65fd4a

SHA256
b24fe4b0928592ed251bebdb5028f5b7c36cb781bea6f9797c12da2cc3139111

SHA512
70b822cb5c49be117c38324357f6c57f66118bbf17413fc43a10b33bc90847d557312acb6241f02e11e18dd92c3fb93a7d491b630e0ebf1db2f7cdd0e0d44b06

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
58f19cada00d09bcc456ec6d5f4b8702

SHA1
e4bf830b6ddf3707d4b5115892d1267d8d3ac039

SHA256
157afd40e6385c034183da597b5baa272380d2bbb08e2217cfb2b6dfcd30e846

SHA512
c0a0ef6c445de7643497f594f72d242dc3067abe271e8c9ad31831cb6d1ffb39fd133517f75144a4557e9af93e56fd9070701ac41a4927da40174cf1e79ba60c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0fcb7939efa067f7646266da79df110e

SHA1
2ca67ba7646dd554c7edde81dfb4f81e85c38489

SHA256
18368d0d7d0bf6e27b81edef500477faeadbca685a317091be36115f65fb8829

SHA512
03a2c4425a02ff83b332f260229244e292cff3d90806c743dbaa23c81af5bb9d638201ba1266c327284c1d0b9870064c4494f7407c54a6629e60e6445d3daaa7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d1caceacc797e0f57e5d88601fc654fe

SHA1
5679d7efa3ab4eb16ed7d2bfccb411b73de8c255

SHA256
a767efc99d567c9359b9ac7496b9a14c8a371f5820785b3901803569fcdffe99

SHA512
5eebce45f6d1018b848188776d08c010a39a81a46a1ca782772033c070a32e1726254957f569c32a5af9949d1bc3f883fce4bdd8c4fac8d999b54f905b1077b6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0c10e9ffdde369c905599a920040bec0

SHA1
529e922497f74c2e64cea0b3230c586724f21fb6

SHA256
e5ec65f8e600db1b3cc0be9c9252eeddc33dc0fb39b3709ebecec3f43fc3daaf

SHA512
a09aa0bcd1eea748bfc112561d4c4c5b4e192f96206d9734e9def2f7e85e2f81b6252ce878a5929f17c801d8990c6445679ff2a5cf36d3d471457682c8a1669a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0cb06b0e0e13fd617a326d3a05225a1b

SHA1
2b75ffb4ce785416ca6e31d2e84ece116c520277

SHA256
02fe856507a9896d6a9da89c34a4fde5d6f6862a24f2de3b9800816ce0de0882

SHA512
c3517df4877520122128ccbac063d6a1a05653351ed5e17c5c1b948ae1f575cc04ce1120be6032e5f4791fcf2dc8e34cd22d3d3055b934119364995d1fb9c231

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabA288.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabA3D4.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarA434.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit