8324a92c6afd102789f6708708dba02e534f9e03bebd8017b2b606dca28317d2

Analysis

max time kernel
120s
max time network
132s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 18:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6bde49931794db021615cb90bc23e7dd_JaffaCakes118.html
Size

461KB
MD5

6bde49931794db021615cb90bc23e7dd
SHA1

7c4d4f6708d08611a303ad28a8ba468a2dac3506
SHA256

8324a92c6afd102789f6708708dba02e534f9e03bebd8017b2b606dca28317d2
SHA512

2b8f4dbbda6ad13232497ce8e7385f154b6b3807b5fcc1d6608f160aa1eba723d0a0971b6f694aa6cba0d6ae7dfc30a48c95782377e0d1e242f7a931b3c1c399
SSDEEP

6144:SAsMYod+X3oI+Y1DsMYod+X3oI+YSsMYod+X3oI+YLsMYod+X3oI+YQ:95d+X3P5d+X3q5d+X315d+X3+

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000eaf78f90b84f514aa15bf47af970bd2700000000020000000000106600000001000020000000060be74e369c89b8ed9a6fee8c3f68a64b4a3f517d641e3c9cd6e0f7beb2d8f6000000000e8000000002000020000000317ee5e0429619a55233359a2df3ea106333e906c3abcad38be85d734e124aa390000000174400f23a7d9b3154602e39b8cddcaeb72c54e36825a95d6c1969069832c9cbe193aa1f6ead00b47fe6dc90bda2b2fe5b17455c833d39959e19a20baf5ada4c77512e031711237a505164f5dbb0e4c60cc865f6e5df75eda9b8f3bf3a6b05362ea32bb7197211599cc6fd920de573f6dfc084d3de0a8e83087d5c0d75acd49bab76d50ce7b5ce54dd61ef528aa5bd17400000004f872007aded00c97780c5c7e3806b4316b6b3d09fa9931073fdc95657ef01b0f89b996494a97ec8eedf4d5cc33a86cf7187fb5e5fa5fef415b1cc392a28a40f	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50bc39193fadda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{405FC4A1-1932-11EF-BCB4-4AADDC6219DF} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000eaf78f90b84f514aa15bf47af970bd2700000000020000000000106600000001000020000000c19477f0b9a9f9876268e5971e855a34f8851217af797741dfad297ccc7717f9000000000e8000000002000020000000f5e8d8f63982889da647da131d2c680c583a32f76691ca3d1a04dab62fc856652000000057de5d8289365da12741d7bee481d5327ad5ab1abf91d912b2100f260aa6bf3f40000000545f961ed2ff93bed454596e8d03ec060bb4cf4e070911edb96827b6bdb9c792a61610bc51972eda41aa4677abfb06f152c0b74fe1c90a11b02adbfbb0d8db89	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422650777"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

1704 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

1704 iexplore.exe
1704 iexplore.exe
3024 IEXPLORE.EXE
3024 IEXPLORE.EXE
3024 IEXPLORE.EXE
3024 IEXPLORE.EXE

pid	process
1704	iexplore.exe

pid	process
1704	iexplore.exe
1704	iexplore.exe
3024	IEXPLORE.EXE
3024	IEXPLORE.EXE
3024	IEXPLORE.EXE
3024	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 1704 wrote to memory of 3024	1704	iexplore.exe	IEXPLORE.EXE
PID 1704 wrote to memory of 3024	1704	iexplore.exe	IEXPLORE.EXE
PID 1704 wrote to memory of 3024	1704	iexplore.exe	IEXPLORE.EXE
PID 1704 wrote to memory of 3024	1704	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6bde49931794db021615cb90bc23e7dd_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1704

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1704 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:3024

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
a2fc3f69fda57df26282d7e73da4bbcb

SHA1
e95592a29900a8bf4ed3ed4108df102adb89fee1

SHA256
ea747329a94178977be7cfdbd41a3580c22b39b2348e6e710065ae5579c41b6b

SHA512
2a75408051704a6cbd5bee01f91ad4a85ae7769218e6c53d2937d71ed03c00480eb4a26277ef55b5f688b25e4cbb991dd9c866091985bf653263ca98237ccc58

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
baabd01d14223f21d805d134f7c34ae1

SHA1
71b6262cdb627acbc1609b3a699a6e5a3db5623a

SHA256
21c91c2e87d04bf9f5f7ee08d23a78d549b6fa4ce38c4a08c9ac746121967bdc

SHA512
c510636307a6bebdd53d17962553d80a3656b1bfb722ccdfc5e924642691a76ffa73cab7bec6a12ccfd88fe8e80fcfadeafe81193b7d445b7e33c1645fa66c56

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
3e9d11f846a9f0e590562d4b5698fe00

SHA1
7718cebed8c4d8fb51cae7e6fe8cdd8d8390dfa2

SHA256
51f8d60644763e063bad568d51ac84eb4475d220078dc19e67e45d2db0960f39

SHA512
6a0321920e771b6fb2fa3901f0af4081b92bad621891e85387ca38028ebb66982da7bc3a7348747b1167e848b85f9936385a9de80a8caa840dcfade1b2d20195

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
8b8fae14fd2db71670ed76c32c63b0d0

SHA1
bafd1aebc6f5fbff88292746dbcd5ef18701b490

SHA256
5708104373d81a3f1049820847f901cec113a96895d2ead7bc50e04eb19404cb

SHA512
1600a83bcb09ed9ada2e70c196dee7cffdf3b515504e26e042b6082f89c189ace731b5278457fefe15c234d3a0dfd1beb1414e64e03d8d85cbfae115cf76b8e2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
1c4f295085bac58283815dca94d1be0a

SHA1
2bd98122b0cfa3a738c060e1fcb882241722cbd0

SHA256
8f2a409374bc96c31b07ea62e392617a42176d1acc4e55133e554e415c7e0bc6

SHA512
6eb7d9ab4f538c6fc7d3766c821d646d85df15b22c8530ad628217f685a03979b7be780c4ae10afaecc8875818c4975afaa5810f74ad973e0376bce5469b0a4f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
de33948c03d9b4577ee0810a7aa3621d

SHA1
58bbb3e28645a2499f731df6b968facfc887cf6e

SHA256
ee07510f70e17ebaef21c9e9c6a6f0344380ed95f76f902800b86e583d12d55f

SHA512
22c7091a7bc5233e6a6c98bfa486e1f7c0ae8057df3b2fb485bae78fe418497685e49228f2017cb9f3e0c2b089f82b42d6563f7a467fdba430f27f5225e8e24f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
850ac81c9d1627183d89a186a8df046f

SHA1
2fd38ada17182506da1317908a850aa21effbc38

SHA256
9bf946375fcad08a9e3116958d8c7a362ab07798a8475edb0f4fcc6e83594602

SHA512
03db73d19e113bae25520dd1c4fa1ddae963d013d0b5a3c49790ec9ae6c4cad4e7e549b2cef1d44c2786fccafb743440bfb5060e817c3bfbae13fd50b6e4d645

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
8871ae30770cfafeafaa339915b0aa75

SHA1
84acd755963c41dd5911ecf535b600098d8c05b6

SHA256
a5b160a7ef3f83f3ebf2e9ee44d1b7add940848fb13d7a49a4548b1cc68bc382

SHA512
0374141fa82a3a834ae5ece110c377b8a860a8036a801a1f5508097716a144cf8fe4cae16367fba00615f24c221d823f8355604450cabdd3b46028e4b111104e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
82338fc65ef6efdafed099a08eff13d2

SHA1
1337ca07b27c721f0c319dd044ebd23717a320b2

SHA256
cc2b249aac4b32ac6af60cd2d80833263f0a14da40c00d617776e75b84d03e3c

SHA512
d03261b0d7e4015af92d4cd62d06dc3041619d77f326c8939a9aa5251820149889d7fc1e7cd81ef1a3dffd89f141ca8e8879673a279ebb02326d6bd8432519d6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
517cc74603210bdd2bc899736ba88b3d

SHA1
a1625c03f777c1223e4e4c501fff294f23776844

SHA256
84827e9becdfe63a21133546e17fdb41c985c9eb868b4847772e7d245a269624

SHA512
876dd82c67bf04439194258e917759530580211833515a51bb234f92e8731eb1b7734fff5627689581ffe16a2119121cbab33dca19d7ab09f69017c562038398

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
d6b00f826a79c272c2bb11a78e544f54

SHA1
19862519a0d0fdc410cf14b122925dd8e05268d4

SHA256
5c653993459ed67920bf4512606e99424ecc6cc738c703ce02a654ac6d2394e0

SHA512
87f4a8a63c8259656b3754eac926446792852dd1056fc13fb8755a471cdc045af7e01ce5bcaa542620eba8d688801fbd1dbdc7c39fef715e955f6e7a1cc89e67

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
fbbf5e2287431e7c71b0461f8ac0d74f

SHA1
01158b7c01d899a25632da6a76f4f69993a70dfd

SHA256
8bd2bd8ae392858ef74372b5d982e7ffd646255d4956df963758438c97f9a074

SHA512
98d1e8b1a3db5293250a8a56c84f3f6713b1b18466f1e3502b8e61fc0ffade7ab34ecd62439a82c0f319a866fd62c5cb4b30ec1714b06fad25867622027bb0e7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
3621dad4af38f2aa5f85ddc9f725829f

SHA1
92984c25d5c74a48303ec3af00437e96fab1ca35

SHA256
ad5fbeb99fc040511356fdb6cd073fe2780b957bc34dd218e4e6c2af3fe05f83

SHA512
c37f06d6bdb53511201e8cf83365fdd26814461ea936555ea6069d4a8fa3f7133cb4d6f3eb34fc5719cad74763c3b33d8858a1811ec938f55ef888350bb9b902

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
122f29e7fbb014a204fc46ca9f3a6fd9

SHA1
8b9dd40b5a8112750aa1d9782decb9c816e30b2b

SHA256
fd6d0617b387166bedfd426d62987a995cc50de183fc499d9879660c36c147a9

SHA512
aa999c39298f601f6b72ba940c9f1b51d457d585f5e01cc704cad156cf03a3a8fc356d8426dc1c0a2afdc2aa9283a57488b8272fa7cf1fb95f68dc64754a6820

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
e3a240a8973293e7b79539695390d15f

SHA1
2c2b2087bace3a06b8fd061952cd2d86878c688a

SHA256
1e00f8e39dd04ca09f753e571f33c456a8db49fcfcb2797fd3e09d12c37e1cbf

SHA512
7ceeb975f00da68d28e3e2d4a8f2eaa7ecd63e56cbe3777ea76b75b445dcbace9bcc486e5004ccd870c75c9536f1cbd3c4309f13f8c6f2541118da5f168e91fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabBFD8.tmp
Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarC147.tmp
Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit