0aadea5c642f3feff44b3e68835a9e8f1827c5a9cfece6f551dc19d8c52ee336

Analysis

max time kernel
120s
max time network
128s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
31/05/2024, 02:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

85b67c53b85ffaaf10fb4127c7688067_JaffaCakes118.html
Size

19KB
MD5

85b67c53b85ffaaf10fb4127c7688067
SHA1

e519fa03b54e8e719910452351c1760211ebbc81
SHA256

0aadea5c642f3feff44b3e68835a9e8f1827c5a9cfece6f551dc19d8c52ee336
SHA512

aebddea2856ed7d3387ace9aac938a74efff400cadb881c4a0b6a645ec208e50c521b4fa2382c946bf23fd43aeed63d9004b4685dbcbcc0e14fd0d8e748f1880
SSDEEP

384:OczgNGbwhmkmvNJHF55Zu7eTbN5Zn1eMYj5Riv8BP000PCo1V:YY+JMZFnE7eTbjzeMYlRqfCo1V

Score

6^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1796	2944	WerFault.exe	28

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9253B3E1-1EF3-11EF-B238-4AE872E97954} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423283563"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1848	iexplore.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1848	iexplore.exe
1848	iexplore.exe
2944	IEXPLORE.EXE
2944	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1848 wrote to memory of 2944	1848	iexplore.exe	28
PID 1848 wrote to memory of 2944	1848	iexplore.exe	28
PID 1848 wrote to memory of 2944	1848	iexplore.exe	28
PID 1848 wrote to memory of 2944	1848	iexplore.exe	28
PID 2944 wrote to memory of 1796	2944	IEXPLORE.EXE	30
PID 2944 wrote to memory of 1796	2944	IEXPLORE.EXE	30
PID 2944 wrote to memory of 1796	2944	IEXPLORE.EXE	30
PID 2944 wrote to memory of 1796	2944	IEXPLORE.EXE	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\85b67c53b85ffaaf10fb4127c7688067_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1848
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1848 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2944
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2944 -s 2892
    3⤵
    - Program crash
    PID:1796

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
84b29e5f516bb2ae46c9b3ffa0a34276

SHA1
cdcf064bca78000520528690c1b36e17ba7c39e9

SHA256
851860d65aa12167090ea00c3b0fe9fdca7d46aface2119138b74651945ca646

SHA512
f02fb283914ff2fa232a504ceee53ba6a2e4b029479d1af62cfb5ac2270d6ff1686a14af606a1628c72a9d5e3ae2b6c1c47b9f79094a93642d90e6631c4f4b94

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
87b31dbd97575638c14e163c21974e34

SHA1
7ee7217d5ce1f99a7fc88cc73c0d633faeedc89e

SHA256
5041304cbc1908216a997bedd942db657c53b981f1b2890c1419eb8040c33901

SHA512
b74f6923f4eb47981e6d62295574d4bc8a0505e9336cd591f595c1afb0954d34a9c75e0ccd4f162c28408d04e4639c7b9ce4cbef8434dba45104ba7ad86377d8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3a7bc2db96b04b4a785fa3bb54ae5fcf

SHA1
bb6bb7d58c3ef290de0ef6e1b4a1637e9fda1138

SHA256
960e562e2903688ced8f391e097adb0ccdccef4b3af669e50a6566276333ec23

SHA512
5d1cd65f0ca7af8b988410b3ead1fc0534ebf25189ff21e393c530bab41f5301e62e7a1522173f7c4adcca00f84cc769af35b18c20e9f535834e13002c6d7a9a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e2fe5c5f466691331624010e961fb65e

SHA1
ef2fc56e592e7387ddfd8e2f7497239d04938908

SHA256
2269dea8df5ee43b368f7ef95ce2854996a36975a5ba06feed0adff80e1a323a

SHA512
f688ccc0a96783e72c922f4c645ffe7af69c0e4b6c760f0c1e991feb83f41ededd88e2a24a7b6cc2ae2819e2ddbc5f28b8ad6b8cb7449c1c197ed9bc3f517a42

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7ac7fb5e447b83e1a964067032a240b1

SHA1
50c0045e61cc1b21b2432849d2dd45b7aa0bd985

SHA256
87b2e071779d4d91f86710e0d052f9bc3f137b58e376cf7adad21eac03a8b1eb

SHA512
3576ca8265e5ed862125e576f2697b6906b7d9a48a84cdee8805befc7d172028838a631eba255e28ed771f32605f98fc1114124efe5ca596dd51d46efa4119b3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c0ff36c71c3befdf426ec7d744e77a53

SHA1
f1794b1ead46319649969847feea03664c086bfa

SHA256
cb886889848a9cf661bedbbf4ad6ded43d8a010b60639dd924eeffe5b8c59488

SHA512
66c7b6316fa743f307ae4b9adf107a01345540371b7f11cfa49de536cdc4ef5b3bcdccafdbee6e113f28759b6670d40bf3a8b863c141fd42be4e4ced8b919236

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e366a853ba95eb2c4424c8c94635e25c

SHA1
bb6b1ef13d75ef13040ead4044715d76aec2e95d

SHA256
4846300759bd4ed4ba533c258f6696bc802e42836d51482c4e38738224fbf15c

SHA512
613c1d9fb3a5d540210cdbb26ed20f910ecce4b84207a62bc59470bad73b9bc4dd057d7be165573c19f60f6eb0c564175c0d7adfdece0efbd0e828ea6768fe10

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
127c0efdd9a1d4c1b236362d5d430ff4

SHA1
2fd169f5241234790a75fc1d0e877b83fa1a4397

SHA256
c0ec3fa9077ebda026b4c4ee86f26a949548b5445f97f4547d0389335af6c0cf

SHA512
ab64fa0e79120524e9133679c07ccfcb7c04983f56dbadda9cb65595ad36a2d412173c070dd682dea175e03774b803701ce1012150c5d3830735243e1d58d435

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3d90dcfd1acb79a5ef5be92d99ab2618

SHA1
d4b43081a536232daa28cf70a3c4ad70b2f3d47f

SHA256
075d9f23a07f6ea92c5081d548e13791e824c3e6dd2955693d2c4f2fa32ec5d4

SHA512
9c288710380d361f74f4290e86063af051eb19ed82ad1df422b355a3d97683e103abcf8b7f57098ff22babe16da03dce331eaf16e10813ed88a5950794bef9e1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d89b1a41f3e66e95d41e7fef80785300

SHA1
60ab4b91ab7db34a1c600e49292f540da7e1b89e

SHA256
dac0af9482607d0161de9095793e9d0235931810947ed5715d0a6a298573f338

SHA512
46ee121e216a828a053f5ddc40b90fb7c684659ea8837d0c85bf9802d606ad1673834adca49e0b8af049ced63e5fda63a7cb75436c2f87fa0ca903029d629a18

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
4eaab28f1d0b5d5dd1e744231ee2119e

SHA1
b7a30e78302fb52cd8c593b457b619ed199b0775

SHA256
555cf1bf32f5e585294fa33a8cf3a99c32c0d61324226c8d63d91b43b8ded71b

SHA512
d0b4f9f5248a7ce4ec3cdb8df1bf769169d09d64a07b1e8044c0f3b918bacb587bcf771679f49573160192c7dbee5935f37e670de2f746b1a430c5c8a9e22771

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EDQW9R5V\css[1].css

Filesize
515B

MD5
9e83148fa9e9f3e25b973ec92e79b22a

SHA1
c097c52f791d02d6b7caf3fca4de328fc593e16f

SHA256
ce1446d39d5be30653aee510b0e831e6c64da9b47b8069160a0a7cfdd336f902

SHA512
3e5ba72ac61361ae8114b1251c0a4e9e40e9e98be9be5ec310cf473a97f39a7ad60254ddfd90c2f83f066b0027e627264c7417d7d40164f9f03963ca060da2d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2195.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2196.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2343.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit