b9a6dc9e7cb74ca02255177aaae23d317640cc85fc84354fdb4559f9eb4e5d24

Analysis

max time kernel
150s
max time network
144s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23/05/2024, 12:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6aefe0a660546b2decaffbfbf964e323_JaffaCakes118.html
Size

160KB
MD5

6aefe0a660546b2decaffbfbf964e323
SHA1

5fed880b5e12aaf00faf3deb5a0f335fc2439a68
SHA256

b9a6dc9e7cb74ca02255177aaae23d317640cc85fc84354fdb4559f9eb4e5d24
SHA512

8d329912e6383b034098ff03873233feb15fb4c0bbe8cf458a4a7f4ab18e45becea5ffce4268a9e5c5a9eb82839cb136d32c2dcc4cf76819eb9ee5c6e198b90a
SSDEEP

1536:DIi9cOI0fBm+ZT7xa5Ssfssv1aANOVAmV+3tl1VsZ44+xcFa+PRbt3SD+u37I3LB:DI7O96em9/ZYqS

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422629024"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{997AB691-18FF-11EF-9667-569FD5A164C1} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2772	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2772	iexplore.exe
2772	iexplore.exe
1616	IEXPLORE.EXE
1616	IEXPLORE.EXE
1616	IEXPLORE.EXE
1616	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2772 wrote to memory of 1616	2772	iexplore.exe	28
PID 2772 wrote to memory of 1616	2772	iexplore.exe	28
PID 2772 wrote to memory of 1616	2772	iexplore.exe	28
PID 2772 wrote to memory of 1616	2772	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6aefe0a660546b2decaffbfbf964e323_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2772
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2772 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1616

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
ad443077217066f5d70625dbfa140cde

SHA1
fcdcf35e06833f0f1ad01951141d544e7b9b567f

SHA256
17bd93c9fd5d4d5e7027ba165dd59b266eb1ff4f7b7b55fe90ff445d66ab1ee1

SHA512
97bd9e6d8d5e61b11f239835b0a16d9f2a801c2e287065c62f1a847c3db21b1a59e71c91b24073217dd2b85d20c274884f5365066d9e4b0353aad8490a74ab8c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
993fe8c7b377513d7749cd6ca2522579

SHA1
900f05b1827da478708d7b329b58c0c4ac7570db

SHA256
74849fba735f0b041e1a4518d5a7677cff58a3db5e3403fb40f2af80a0957a1a

SHA512
638ef6f75ddc9fb3f248d93e7fc1e5b236be95dd22a9cf13651232c543882a1a3501c4ce7c89b74f844ecf92a6b27836f7441fea7e6cb15ad02806ecd40df55e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5435bb7ee07811f2241dae0491ae722b

SHA1
cb32fa9c2802a2754a53f4e5d4637f561ed9c0d6

SHA256
ff4a5e3213812ff9307de1038828b3d06ee36c02b420fe90ec024a511bb7e70e

SHA512
f162587c3894baa7f31cc9eff98ec5034f49d7d26e68122255e9ebb2188b8cebcebdb106d8904d0ce98c4478ca2493083a8cf23f6630d9a62419bb351a2de114

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2749012e751c2d9465cd68c18ab2f0b4

SHA1
e5d4a16d4caf6806e4b0d7116c3b4172f0dd0e33

SHA256
ca682e92ad55d9ae5339a63775257d6ef63cbd8f5b7a6520dfdaaa028dd0aab3

SHA512
233691e02c22a19aff46be704f153fc2c5204e42ad000e7af9ecb584784941d986dee8149a96eeb3b41bf9e6eb2eb53ce21fe29ddbba6689be0e2a5694b486a3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ce2ee20790483cc3acf22ea28ca42941

SHA1
1d649c505c7db461c3247f495d0246e956756f16

SHA256
2e58a6c40f51d376297abf61f0734ae54395cea1ed5a2034462267d5f2761268

SHA512
f1c44278274274f99ea132c4c30dd01e1e9c1e84529e717e5c032d45b21da20f79e38912de060d8e538bc827e7456d92215396054b1df63d7ff62f2cbb14db92

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4734a02e6c9597f4a2752d160f351e29

SHA1
c772174d1620ba99c22fe1fa8e8b9a744aa11b63

SHA256
5d4c24e4b73b4d44017f4a4b96a1948cbd4b6a1895eac88c3ec1f623460cc23f

SHA512
021b5c9fa46258247de569b3e8038f3b3184da21b11f8dea7872f4af75442ed7be85bfb90cb705c36335462b39946d77a2448e00b0c7b91ca85b647fb1130990

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5c0fd3078093bba0058f3cd31df540ba

SHA1
6e909690ca61e5da11a1ea9654c0b93e8bcdc0f2

SHA256
592edea0a19d22db37e43cb0b4bfe0d750f514d33d9d2abbcf754c2a45b122dd

SHA512
06a95fca298c85528f431fe53e273e4606b3943ef2a08016c363a4730c65cc65ec073fb24bbb541d2b0120523f3de7abf7502c5a6bfdd455b63acc133bc100b9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
65e6bbf3811538ae319bc8e0877e5b9f

SHA1
05af5b2756b1ab73bf6b3e529877c267af7407ee

SHA256
ea763dc457791d1b65a4f5357705fe183a035c28d13e827d0a879bcff4833ed2

SHA512
e60f08bb80bc2af5fc1c968d625754f75d7a0b847da93f14eab54879b9daca46d44903ad88768cebe72fcc8b1fac413e1a4a19ef2dc01a4066017bd366a892d6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
007dc080b1ec6d8d1445ac618cb4d01e

SHA1
5d49dcaccced341283d09a77e471917f91e96c70

SHA256
6c7a3e5c27b99a6345c2938e6dac31cc96355daf964e7aa2739a696339168992

SHA512
45dcab97e3ae650a0e83fe72e25c18be1578665934f17f54fefb03a0586e97a0300d06e4a4a6abf61ec9a89aa934de8958e7ff622057bbdf42bd098fcd9109bf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f76d3be9dd916c32c2bfc137c354cc28

SHA1
f044f1c9dc42402a8940458447aacf4227400118

SHA256
3e30dc21409f3fd36d17c5f1e532bf3e7eae54f543951e7b39af64ce6cf2754c

SHA512
6033c3ecb77b62484b4565635a485153558ffe0187d7bed6dac8d6aaf338009af0e5513cb42655136c24d7643b24d290e0d0c902edb6f5060409fb53ac4639a5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
55093b76ab3e1b461b7617a16b63f549

SHA1
2106d5951f09b36c201bf6e79294c0b1e0404303

SHA256
29d4620e65eea3540829299487efd38fbcfed7a1ab2eac84408d105cb60da3f1

SHA512
05da503da2e2e4a725e1ccdead541ce47241f6a56e40d894e1a0629a14100718776577fe69c629e207510bbb49bce58db0d349a6392a602d168e5b0117f4dccd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
cfd3238f7e33b7e32116a5a77fa0cffb

SHA1
cbd3938b012e1680d869b173c43674e35496da34

SHA256
67d9e3d64d4955060e15101e272aea1e8d89e75eb2273703d4206faf819012bc

SHA512
7ce8cac92d27794c5c63952836fb0c3b4295083e59f74ee2149bac8835c50dff3f9990b20f4d3cc34460b0c9f9392759b96acd17699b177a2139217b06899727

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab8F84.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar8BFB.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar8E92.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit