00cd699260f2c549913e8c9e13ff5de69d5c76dfae801d2e81b78c86dc97dda9

Analysis

max time kernel
134s
max time network
135s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
24-05-2024 04:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6d4d21c7d5a6bc2d0f01eb8ccf5f28f7_JaffaCakes118.html
Size

213KB
MD5

6d4d21c7d5a6bc2d0f01eb8ccf5f28f7
SHA1

31e5877c3d8003a9fbdf6278277594265947dbde
SHA256

00cd699260f2c549913e8c9e13ff5de69d5c76dfae801d2e81b78c86dc97dda9
SHA512

c90050d21e2f1b9090412575b7d6a979168b161be7a2c0048420520994e50f50a90d6ccd580c9b2be3edcd54c19141ca754e7da9f85371801a972c9f24aa3c92
SSDEEP

3072:SPd3+9fbv7NyfkMY+BES09JXAnyrZalI+YQ:SPUnYsMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422685817"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D60E3C11-1983-11EF-8356-E61A8C993A67} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2156	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2156	iexplore.exe
2156	iexplore.exe
3016	IEXPLORE.EXE
3016	IEXPLORE.EXE
3016	IEXPLORE.EXE
3016	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2156 wrote to memory of 3016	2156	iexplore.exe	28
PID 2156 wrote to memory of 3016	2156	iexplore.exe	28
PID 2156 wrote to memory of 3016	2156	iexplore.exe	28
PID 2156 wrote to memory of 3016	2156	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6d4d21c7d5a6bc2d0f01eb8ccf5f28f7_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2156
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2156 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3016

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
00c2922314085e91350019211dfda88e

SHA1
b83ac230e28db735bf0a662c3a6d6b1123d2170c

SHA256
22cb76599f4afd6f420198d1a0439072aad26fc74a6f42727ceb525defd960b5

SHA512
4ad9cca8b2f724bd646b23a8ba8b5c6e3dd0ec7bc951385bcfc6a0225c5bde707568d027728e87bdcc7e3a792ff1d889ed811839f272e67acc2aadd47743304b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c33dc95aac1df733e73a0008d41367af

SHA1
21e7ecc78258d5ad85f337cb19df6da750f0e9a7

SHA256
b7b4327e570b25adcd14844ede8bc260116b04ad34660125480dfa7be2c16df9

SHA512
9cf625db0a5f5dbfc2519204f39d94706772eaca62db08e810df98878c93435395db9da95e6b89f46ee07170a7cd87e15159878627584c3ae1bd28f8c36f85a1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c06d20bdb7e8fd98e81e6ddd28adee04

SHA1
2af3be3584177da18a9e7962df13b5fe7820de9a

SHA256
5694acf262e1dda9823ecc0c0ad6b39ddc95c4e5b2ab1cd13ddc9e27f1ff1efd

SHA512
0237fc7fbf9c9d8e1cc96fee6b54a5a8927b8524c2b02371347473bdb022c634b1bd1c079e4172c8f63e563a925e1601256229cc4a5ab02da36fbfb12c87519f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5961e8973f3ca08a44bdacb776a51e0a

SHA1
90d62caa621edb495e0dee704e73dc0cd5a78f3b

SHA256
101436725d9d1105f5d1b3a384ef68c4cd10658334902fd462478214d7b52f0d

SHA512
b0103c27984a439a7e577566ae5959041dceb9135d2e3075ce0a9f8c3c6bfb4dece32a792bbdc08b2fdc532a5efabb9bfbe38fee88554d370bfd336094eaf50b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
95a887abbeb4389db3d00aec53fc42b0

SHA1
fc57f3f0081930bf1cf3294101a62c8d308b6391

SHA256
e49450b86a8c261ef9fccd64d8d1986d19cad01b9a5822642b2ba20d1c051909

SHA512
300855fdc40f6c3af0f5f9c206860585166e9de03ce8fdf7868ed9889dac7da86d0e82938d3ee5e8b3e05d5a82eabb76cb62928ae6f92618f19116dd4d1e766d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e35b3e9593e4079ea7b1e5036130ec2e

SHA1
99e6f2aa26dd915ac315ce87172752a085c4fbcb

SHA256
90f7f569f88af47e1f9fe209228d66d96fe4679f5035c7927994fbf5276a0a92

SHA512
8bce4409aff7359fc006045e4270cbbbf9658e2759d00a3cc1de5771f394d0bcecd771c524b54474fa9ac0e01badf808542141c221c94e8e40ff9c67e5bc3110

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
286e506cd1b908c833754579f18a6443

SHA1
b76d2158960e1bce2b8c6ba30be3f453577a59a7

SHA256
c1bfcca414261a5484f48da730a2035a9b2edfc7b59801689dd9d4b2b2491750

SHA512
dc8954a155f384ec99c653691e2c3760b06b9486404078d74e7a5ee18eccbcde56dc0e475e1a4ef7747185230818df110711c4748e07cfbe8eef4452cf3eaa71

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6aa4296249cbcdb330f9c28f4155ec08

SHA1
bace2eae04d69824de81bb44e28c6a547bf9e1d9

SHA256
8a93f5c5615edddebc82278db0f36ac601c2f7ee24f0f2af1cc64653a17ebc9d

SHA512
0d839682db32f27047d0379f9f30d77a77b8632a8b52fb695fa94ba27b4998fed717590c8910224488e6e26a1fabae295bd0bdde990ac29b965bc49177f33e55

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
24391f946b1507929fc8e2b6bc55e9b1

SHA1
dbc1eaf98d8e75d1222fbf115b4b008dea590718

SHA256
c15884cad62b29c289e9df4da2d5eaf9001a141837e57b23fdc94d799acba427

SHA512
68b48b06257d8dd0e2c48ff1cad2ac24fbbc8fb839f1294d3c528aeb3eef96f3ff0ea964b29decbff56c762e32f16e195443377d8411af31dc6c61177db44e49

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4234962392770e3221516b0501d42d38

SHA1
91207bcfd4fa105166e8a552f7c19621dba6a0d5

SHA256
77cfe1b17318a2948f4955797de9b146617f4b684089e35f8ca833f5bb2e0664

SHA512
daf7392544e9517ecffce87a5e15d8cbc77ea7711325c8d7407c3b965a5cda7339325d8fadf7be5e4f0da9028119f9407142d61aebbb775d9c477cb933b172b0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f0ee2184698b3d4d0a3ec99ba319c35c

SHA1
82891e46e17e301b02cc6b157f19a41867b76e30

SHA256
c47b929089a9ac6b9ede48dd6df88f5f8224d20c938fc982794b5adea892aed9

SHA512
d4879cb473ab1aeb3b2a415edf9eb5c0df6325a23fb06ca4a85daca0b59ad5fac86f5335208b598b93f0afe05ec847de7572cf3bcd8c99f9075fda1a602f1226

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5e0cc50cb09439d4579876a9ef201581

SHA1
b7e056aad05ac0ece42264e8bf303f5311a53030

SHA256
7fabfb3281995a3d645df5137024f3b0ad28a93298f88078a0d9a597e63b08ec

SHA512
81782d5f52e105ec733f7f8f29d0ca217e03575893818f1f93b190f71b9f7a9d111023fedd65db7cd257c9f3e10f0caf714968e3aec34d25ad4067f4afd5ab83

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b0f47fd51ebeabd604e78234c9221580

SHA1
03ec9c73ef1dcd23b7ab931f70ddfce4c803f6e0

SHA256
4b3052ba3bd2d8f771173d51631ff65aa7cb049374b542a5560ef9c14a28803f

SHA512
b797c9d1cb9666787c4f0c787619bd8f5286544f61d8b7172cdd63d43022a2bf17e77e10e58646a7a25c35526f897cd18fc30257e6b0be0c5c676f2473cbe489

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0e54135d290929442d8bc673b88bfb95

SHA1
d9a568df7a6313111d5592fbeb84d169aa5e7ff1

SHA256
62e5f7f7202fe25e95286e2deaf02ac5bb190a7e1c29f81fa5c0d82145009a07

SHA512
bc7d347f35c503835cdfadc163ad6d664a0ab2c956dad49de556069b720106d7ea3acf97b25f44c7af218c0f438c15b0c26deed95d5177e5db445800f81325bb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b29edf2ce14d535f07ce11bb0be3bbee

SHA1
550223c7cefdf1d2dcd7c273227517752248dcce

SHA256
5587fac38e3bd8c63ad774d8252aa3a8746c307bb8d7e8f508c09933adbdab0f

SHA512
7a2629aea19016cde3053193194a16977290e445729259f79ecc1c50b476595ddba17c3ac8e020a61702a0055b41cecf21c2706cf8d692d5b9aa2b8d5494a6af

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7275058de05bf15701a6148e20611020

SHA1
e672310c313dc07d303f771f5581744b3e69bc30

SHA256
61cf8aee61a43957aa41bf840bf331f8b4f611f1f135a162f61fbe24dd597444

SHA512
db5c377ece0ec65bb333b281f4c1825a70cf0b86265dff94e0c62e57435592bc809d45a8d6ed1947cd14b8f2002ca3b56bb9c5c72cf4de693f886971b0f79ba5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
22d5ef455fce1eee2ff25ada1adf8624

SHA1
a0d1078b8fb0d5722d1bbbce0103d0979f1c8f07

SHA256
fb54ac5df5dc44e39572b067b477c1ce88c6bd74fe4f16054659c3abf8c617d4

SHA512
29c93a1a9bb66511c7e3e5341ea3da0156253798d9523e7ae895fb8fa36e874bfe08963b12c167fa69bb5faf39aaeab82785b668d6b2e552b08f6e7368812f74

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
923d8d69d44467e29aab77cdee61023e

SHA1
d6b888f51295f8bee863934b661c29c769ef1e46

SHA256
b90a983fa6d7dae932154dbca7a1403a809613e71bcc9e710b569cc1ce77ae69

SHA512
229600b7c997e7ad87e16ea9938baceda51fd9f3cb6d29fd7bdb9f67fad132bbb393b08900922d3cd7b2a36bd2a9f0587278fd583db23b199f1b6fac68b12261

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
73604cd1a0beb88372b5e35feb35b695

SHA1
87dd2dfe407cad4b0fbf260c34aef3c247f12e80

SHA256
2d94ca52ef3b5ad42fffe20d3fcbf81ff32e69d0e84012df7c5be6cb03b4d230

SHA512
0bb9556b4e538f112c06a22998779c172b773016bb746a4625a4ad9c6783510454ed01de47091bb4cdd92276ff8d1f72bf6b07451a40559946708ded479a7647

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabE64.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarF55.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit