d746072de04e10cfcf3df9b60e46e29a16ae0c78879d44bcffb6bd023425ce48

Analysis

max time kernel
149s
max time network
149s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
24/05/2024, 18:14 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6f6809936ab2cf57659c06e6530da04d_JaffaCakes118.html
Size

23KB
MD5

6f6809936ab2cf57659c06e6530da04d
SHA1

b4dcc0d40133bcd6ad6a4bf1c09519cd401ab61b
SHA256

d746072de04e10cfcf3df9b60e46e29a16ae0c78879d44bcffb6bd023425ce48
SHA512

968cd4821dce7e76556cc9249f2d6fb876ef52f2f71b38408b178ffc78f37e9b0d04f899e05654a737c7faa0a045625d9e5ebf997b7fd170fc18051af3d92211
SSDEEP

192:uWrkb5nw+nQjxn5Q/jnQieCNnknQOkEntxdnQTbnxnQgCnQtgwMBiqnYnQ7tnqYI:xQ/SU1

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 31 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6C148D21-19F9-11EF-A499-62A279F6AF31} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422736320"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2000	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2000	iexplore.exe
2000	iexplore.exe
2496	IEXPLORE.EXE
2496	IEXPLORE.EXE
2496	IEXPLORE.EXE
2496	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2000 wrote to memory of 2496	2000	iexplore.exe	28
PID 2000 wrote to memory of 2496	2000	iexplore.exe	28
PID 2000 wrote to memory of 2496	2000	iexplore.exe	28
PID 2000 wrote to memory of 2496	2000	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6f6809936ab2cf57659c06e6530da04d_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2000
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2000 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2496

Network

DNS

cdd.net.ua

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

cdd.net.ua

IN A

Response

cdd.net.ua

IN A

89.184.88.6

89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

747 B
7.6kB
9
12
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

747 B
7.6kB
9
12
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

779 B
7.6kB
9
12
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

52 B
1
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

52 B
1
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

52 B
1

8.8.8.8:53

cdd.net.ua

dns

IEXPLORE.EXE

56 B
72 B
1
1

DNS Request

cdd.net.ua

DNS Response

89.184.88.6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
514fcce37b7b0b08a0fe854abb5a07e5

SHA1
4f8ba7841b67653f805c9b0add0dc5915351519d

SHA256
4d162df21d54d01792684257de129386501daf6d7d8b845eb14d0bfab6cc5236

SHA512
7780b3b537fe07efddac1dfc5be82a4be5f7fa44078e61afc719111af30cbfea7ccbe41183947a28cd9dc887dfcf406ac288dd049a3603aa3eeea7f2d2b6fb14

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e6a7bfb79f8d9f182f59def09c8b1c56

SHA1
46d4b0c78a33b865400433436ba06176c97ae21b

SHA256
bec33af78f724ca750148a7e33d3a29e05b1896779a8e0088b542d15487bda65

SHA512
04d79af109273052012fec3627d3bca5fb01a840355789c167e635d6c0741821d8f5d522b54e2dbd5a4fc03821c7dc105c7f7903c52270e2285539fe0295f256

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7f7be03191b87431fd62b3264f42f4b9

SHA1
e1377662095fb130872eff5331e8fb36486ed593

SHA256
22419495634ffbbd2e6fab6930daa7f1f61447a2610d90d24d984d36c000e649

SHA512
5abd61fd6220defca4d28fa4f66755058567e50f8a85ecb6d0f8b11430a9e5cb9d4e8bb6f26bc659692c530974c5d9d64a4e12d8e2a4b7e887afcea207699e28

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
98c42e686a5b999fcd8c2e0f214f36fa

SHA1
6f6db3136beb733227e54c7c2870097e33b12dc0

SHA256
ef89efb4d12fcd5ef3085a90bd7acff7c8cfb9f20ef0e97e4eda75aafb2dd987

SHA512
bf2cdee3f5df87936391d575089e5999381814655e8cda94a3b0904d30439de1acb34f083cecad34dbfc5464ed0aa26e8ba093790ab09cb58b5fde900115fc7e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
81c6259025d177a4f0fe95e4df66c2ae

SHA1
f8d58f58cc78cbc8d120b4036f748e85039b8ceb

SHA256
0f6c5aae458dc72e4893f786b5da4aaf63852e1a5273eed9d034ce186069f3e7

SHA512
79cdf7ff425a13f83611424baba4fbab6c21be5e1085cae15ccd19d5172bf9d5c98534cf90e70382f44501db2cb97b682cb4c76a78b0fd595fe8ba885845307b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9d8b9ec63b9d57a457f7521b500f690f

SHA1
115b4b9632eb314c0083a01e6ea5cce97c542aa2

SHA256
b71f39e7689a7ac9690c066a11760f0cb6bfbc793a72d3c75a5cc338b0439160

SHA512
03b032f0d442235f332e7b69043d2c29dabeb2cfbf07476b37aad0d84002cf5fbca827217f10c960bec8f2c10fef0d921dacb07271b683dd3045d380d624a27e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4e6ed6330610c979e619eac0ef72e9f7

SHA1
bc5adf1800bddae88623910a53e418c381a6301e

SHA256
9b3eeddaa18e5ef5657ad9ebc3221ae329cd74af971931a5cf97ce9b718ff5b4

SHA512
e0c4e9387447a90f2f601cd0e5d7c870203d043b08f52f9f347e21c2f3e44db50ec0913d3d2ff3d972a8c6638d45bb7986b7eb3510464b27f5029fb91ee54f1a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ec2deebb6462b30c2d9bb3d9211d6fd7

SHA1
8b3bed867051b900ee8ac9df3d4536a8833c0dd5

SHA256
8a290b630f438ec8797a7670e34cb98746eb375d9545e7db428f58965e58d930

SHA512
8dc11fb4c0c1caa609f1e815ebe84789142b691fcbd768d436bfd5572788ff1860030b3f35a7a041d05a65716e3c69a66bcc87e94ff5af1782390279f09d5047

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
50d9370676f89f99f8b8f905ea579e58

SHA1
5ffc238bf2e2fc2e87fdce414affdb9247691aee

SHA256
d89154bbd589175ffcab06994f8995934442bf164ecc724cc7fb0e95b1fb6ba4

SHA512
74b94e9764a840f8845f57f2c24dce9eef45244aa6a6da03146a8a902f6a6b59d69990b0cc6ac9fe0ffd1c487f701e398b7055036d766b9853ca43515558077f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab10F3.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar11D5.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit