66b03eb30a7d2064329fd1cc9af856753ccbe221830ec1173a2219d8bc066c58

Analysis

max time kernel
117s
max time network
129s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
02/06/2024, 14:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8e78fe7a6c34a538f0c5c419f8386ada_JaffaCakes118.html
Size

89KB
MD5

8e78fe7a6c34a538f0c5c419f8386ada
SHA1

97a27d0a8cd6b9e573493caa464e883152ab5717
SHA256

66b03eb30a7d2064329fd1cc9af856753ccbe221830ec1173a2219d8bc066c58
SHA512

3aa8efc88d7cb2b3814ee518777d5315dec5caa28559255c6e3d971d9c8245922d2ba234218cb5c3ce0d615496da03024ce56b0289ff91a6cee426cc3aafba49
SSDEEP

1536:gGFbsFIatl093uhwr5BJNJUPtH/SdwtMwdw/z3kxOwzwsi7U9L:jbKny3uhwr3JNJQA3l7U9L

Score

6^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2812	2340	WerFault.exe	28

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{AAEC0891-20F0-11EF-8303-EAAAC4CFEF2E} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423502219"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1948	iexplore.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1948	iexplore.exe
1948	iexplore.exe
2340	IEXPLORE.EXE
2340	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1948 wrote to memory of 2340	1948	iexplore.exe	28
PID 1948 wrote to memory of 2340	1948	iexplore.exe	28
PID 1948 wrote to memory of 2340	1948	iexplore.exe	28
PID 1948 wrote to memory of 2340	1948	iexplore.exe	28
PID 2340 wrote to memory of 2812	2340	IEXPLORE.EXE	30
PID 2340 wrote to memory of 2812	2340	IEXPLORE.EXE	30
PID 2340 wrote to memory of 2812	2340	IEXPLORE.EXE	30
PID 2340 wrote to memory of 2812	2340	IEXPLORE.EXE	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8e78fe7a6c34a538f0c5c419f8386ada_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1948
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1948 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2340
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 3436
    3⤵
    - Program crash
    PID:2812

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
acda39d5201748432cae5f301fa57c2d

SHA1
5612d5fd55554a801c2f4b3fe5079bcf49d377ef

SHA256
6857735ebe828a4c11850b72fc588b1297cd8240959a61e4eb9b4b48633f4cb5

SHA512
18fa05f3fcad54d979639abf3172e6706add5c382534e60b10d53c169747d1947e5a0a30dacd4322a9e27603bce4ec7ccbfdedcf9a2983396f0f7ca0254b33d2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
28d1eded3b42e8de77a8ac1ff49bdce1

SHA1
f3e517952d1f5311bc4aedc6154949afcf478033

SHA256
8cabf7b1f499af3a7db3c5f33c6d8eec89440bb862b1aef8f0656c712d4cb534

SHA512
a442ff6fc810a6b00b474055dd6d8c1a795ac3ff469b2250b00a5cdd78d0d5695568907a3b893cc51b143f5435925388d0d2e2897b365b2b41582ca29472eb98

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
19824cdbf18fada66bb9a9e93d6706b7

SHA1
728ca7425579fa87c923606b2caa38e28972a890

SHA256
43f21de719925a0d518df01e46b031f9f28faaec6a06ecb29a32ccdb8c973efa

SHA512
36abfc3aaadca799b56c3274dfeb754e7c8b906c95bfe0690a2657a7b183b76a0c63d85eedb7ce8f11c3e28ccee7fd08504f261fedfff98625105f44d81b5627

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4a1fa2402fda57820a9d9b0cc3d49b4c

SHA1
ac2a517b15a9c8caa28daa0f61592378a2b23b45

SHA256
894dd8c74828ab9e8d8348ebaff5b7ded7b7d877a1de1342e0258f9777f43010

SHA512
f9209ee1aa0cf75f21939d542c467ad1c8ebb5e567adfcb3003132431d48ed072380efab7bcfd81cfd63ae334b9d8c45165cf59dc513f598e0eae88920f09a52

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fe97e58204b92e448aa4739ab2f64d02

SHA1
a2450c078cfb071f16edc988f8e9b52ae1825f64

SHA256
4b41c36cfaf47063d9b0ccc7844e68b2caeefd189e33f8ae6bf397ef28af8edf

SHA512
ec10834158abc8525f9d8c53a61ca3b6f605c5d67be8b26855dcd373ff179c7e118fbe326e4157baf2a17d4c1a635ba54659eae5d0e197b92470e0f42c3c8cb1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3d0763d89efe594a010436af86cfccc3

SHA1
02072cfd46fc7b2a4fc5ac59944ea50d6df5dacb

SHA256
d815b70a65c0393f50804af3d121e7a3a8fe8a18a3da61035abf0a15d57cb4df

SHA512
3edaad16f6bdb4b4797fd5468030c115eb305bc5f0adbb9d63b59bb7b096581539cfb84424c74445d00ee70604f0fbfe6bdb97194f63ee9ec33c82db912652a3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ce63a0e6fdc74c3f6e5a6b710f74e0a9

SHA1
1566c4414564e53ce620f0d4203b87a9c64d0f22

SHA256
83daa65e63ab8d58f65ddb2ab1ef78d593dc8488a6eee4129d5af52ce7dcf1d3

SHA512
6578b7da29f11dc9c1fb0f9661195997034de62860779ae01db37ad5c857ffa4c3518532807bf5c2d16bed8aaa00168dbab2d549af331dc0a5d73c9f1be790d5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
891630acf9a6abf86380c4099b60827d

SHA1
579a5c0d2f70e3133d67abcfd849950d720c6e80

SHA256
da0ead73cb277c89247c8506bc867de567676132257fd74c8e5587acb2d73c4e

SHA512
b63d9d181a14dfafb400e8f9b378b1a54ca184caad87a11fdb14fe9c32b89ad30ac4c4a8aa3e20d5bbc2be723d0ba414aa5f2df9272455f3e7a3afe663e9e770

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
da16c346c94f48f99f0e1d0628b79922

SHA1
fea5d6b2af0a03105885cbacffcf407706c550d0

SHA256
b7bbb3e8dfca1b36bc3ec91799aab7d1cdbc1aec3496e61ec3a47da3f8e24f2f

SHA512
ef927a2f3ecae935a087cc5014e004b4c1854d13729d869d23ea9dd2502a87c2dd62f20603a377f6ba96bccf29946ea2d73014db117071653900a3736c71cc1c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f3734b57da9c6fe98d5a8e9cb744db8b

SHA1
083abf88741d04bb9105882c5826e4440e968f69

SHA256
32229083ab5a97a99e864fe52b92267f9aa5dc09c5da4abf0fdb2e607925463b

SHA512
414906a92f3622643a9b03b47e389ade614a6422b5095326fc18619a06dbd7bc91a962ea1f5a0cd5f2f155fa77a359e3cf8eacc88707c1caf9e0d35297b10a83

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9e3295549f21cc60ed22ea6a1998c5a1

SHA1
93ed683ce15de6db8522214afd98bf41b8cb851b

SHA256
13cd6a9469895b556c15f22252741b9ef2de48799e304faad1b6232b0df1055c

SHA512
6ea7c8168f0297ad2692de3f72737a66dbd33e3664c204ce03a43ed8e142dbb781f2e0129e15208f9fe58c8256cc0f422e630634ccae44796c8432389cec4f7c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
140d8b5d6d01626fb627e5cc2daaf0a6

SHA1
86cc625f5153f388d5dbe4d4a16c5b22c2fabbd7

SHA256
a56a7ef233768accfcc6de11f3299c909123db989a7733c89519e663bd9f77f2

SHA512
d2467b997aba6dc7acb91d5250bc7e73b8c79ea84123827d98e67d73dd60b72f28f609870c90b00ca0c8c163aae2f06806282370eb0a459421fdf6da665ab02a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
af01c7227c0a37536e288fd8453591b9

SHA1
f6f0c3bcd25dc8a3cf32016879a2a92119b7d13d

SHA256
c8ccb13bd8901fc5a7e412814adcb3c1c534a5b70238f4365dd1e64214bd3d44

SHA512
e14dbeb1331f6462debde41b403f792a7239a00de7523a4fe64577f1ca8905c0794f51d1772751199ad957366f42e19656728b048a9cbd3d67e585d471bb9174

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ZQLLOZN\css[1].css

Filesize
1KB

MD5
09cf233d1589f5010ccb55336acfd5a9

SHA1
6141c5482039f73882eacee7849b580e2f697b3e

SHA256
fb9b899fda0b7eb50488eab5a65b1459f2871a487782417ded78a50cfb0b3616

SHA512
c47c359a3194bbeb01766e658c575e6321dfedace3fb45be7280a95cbae1998c17852f82ac4950fbab37440439e1b8635c30ad28613b756ddd0329da17785188

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OORQXHVT\css[1].css

Filesize
972B

MD5
3c50d5bd0eab56afa223d3ad177859db

SHA1
0647ea59ec724d19d95d55864d437f5ff859183d

SHA256
610c1b2c92a60ca56e43aeb8e6809777edb0befc76afdd789821ea3dbb9cf4d6

SHA512
9742f2af25c95448b648cbc35fd50cbbf0dd19de1d28a6dbb0ca9143448757e86e24a842b82f7f705b4aaa6617d5fcb250c36dd596b708f6fc97390cf9f31b85

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2BA4.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2BA7.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2CBA.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit