260096095b89a310a962dfeee0e534e1dcec4e181a1ed960037790d4b72b7d15

Analysis

max time kernel
150s
max time network
150s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
26/05/2024, 17:33 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

76423b79bd522bf2f199556cc22519d5_JaffaCakes118.html
Size

34KB
MD5

76423b79bd522bf2f199556cc22519d5
SHA1

0319663640a7aa525777b2901ebb808270d0ff3e
SHA256

260096095b89a310a962dfeee0e534e1dcec4e181a1ed960037790d4b72b7d15
SHA512

50489f286560cfaf200ed8974c5ea6c05640e955fc302a1778db41e23c867bf117d0d6c18653cbfd111e3c17602e295225221a91ca17b1a3d4aa038f3f44caaa
SSDEEP

192:uwPZb5njWnQjxn5Q/FknQieZNnAnQOkEntPGUnQTbn5nQOgAcwqYBcwqYZcwqYQN:vQ/VApb5pfb6PByMAr7J

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 31 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{234523A1-1B86-11EF-8C89-6200E4292AD7} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422906707"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2232	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2232	iexplore.exe
2232	iexplore.exe
2836	IEXPLORE.EXE
2836	IEXPLORE.EXE
2836	IEXPLORE.EXE
2836	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2232 wrote to memory of 2836	2232	iexplore.exe	28
PID 2232 wrote to memory of 2836	2232	iexplore.exe	28
PID 2232 wrote to memory of 2836	2232	iexplore.exe	28
PID 2232 wrote to memory of 2836	2232	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\76423b79bd522bf2f199556cc22519d5_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2232
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2232 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2836

Network

DNS

cdd.net.ua

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

cdd.net.ua

IN A

Response

cdd.net.ua

IN A

89.184.88.6

89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

799 B
7.7kB
10
13
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

799 B
7.7kB
10
13
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

831 B
7.7kB
10
13
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

52 B
1
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

52 B
1
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

52 B
1
89.184.88.6:80

IEXPLORE.EXE
89.184.88.6:80

IEXPLORE.EXE

8.8.8.8:53

cdd.net.ua

dns

IEXPLORE.EXE

56 B
72 B
1
1

DNS Request

cdd.net.ua

DNS Response

89.184.88.6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bc87ed25ea89678f4d8911bcea2d8d80

SHA1
009bdd0b8209464a371fba9ebca1b8deadf75ac4

SHA256
6c58f9cdb56bcadc55bcbf2df29c47c4c779d7bd9b7998c253c29315be1f9fbb

SHA512
79a87c4388c89e8ee1a00d8a1c4fdec947019008630fd55602368e95a4f06b5a9be8c1679773ed5b2631043170e7502a769c977f2aff220979328f45006f591d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
af3c8dd8016a858c42c9605e529fd6dd

SHA1
4cb6637949c0cdbc3dd93ffbe747b9e7e23ef29e

SHA256
f96e40590f3a95ea01c8ef287b939b4caa55631a0854b4ef2265a9ee5aadc734

SHA512
5736c636405a0359457d606f3def1db934f061267ab0cd0e66e110c1aeb0c6534b551bd73957739d459a563f108e07dc6d48bf189be01eb57e4965015a26a243

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
05076524223e9a196632c32082be8133

SHA1
201c5751b9fbc19cb21c06e1fea00bf47351b784

SHA256
ee06ecf53b121dacf22d1ce7bb8379ceda8777320f6dbc392ce2100a32134ebb

SHA512
b8e16f33d3308316a5f079c361759ba30186f0478ec394a89154cf526aa2994c60b68e989a3b0d64b2a2863fde26e4b69ccb5eff1e84ac70901cda3b66abfb2f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
62795cf1ac315dc89a7de15c5dfcfab5

SHA1
3207d8d981425aa7ae5dfb61e4edbcccd29017e5

SHA256
d2e1490cf6f23f24ae11419ac902a3b87be43a539bb4cce9fdf713ec2124f6ac

SHA512
38c5157e492734eb572735fd89ee4bb1d3e8ad0439b3015e32183aac04881bd364e9b15ce72f6310420477fececbf4a756e72df351497b939a65eb6bc79ac0c0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c0edd093df5ea159c8c2eec39782f961

SHA1
2252709cb67d5e326625275d69dbb8b4c8db0746

SHA256
71cd1f28dbd8b59bbd8a8cc903af30c2f764f6df704c36bc7f56d72d15a6ba2e

SHA512
ca1c8a384c2f828af2f99185c4f0ec1c8bc178feff7b5b6de59c92f2592b79144b1d248378f9b53ae0693aecacb1fb3987651732132b96fcefccf442fc868403

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fa9c1ffd78d9f98cd847da5e0654c73c

SHA1
28811a819f1f334aadce41ece547a4b1c08ccfa4

SHA256
931713777314946d93a1c10db8658173f41c59f84e633f46e14d0f5005282545

SHA512
c8871cf57c2d16dac14ba7a7554701e916a8e01c496c9c884688f7d14788381c6fe32df75391fa3a20fa7d5ea1a2b0c5601fd5a673ececc3439647c6874b604f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c24d1f8fadb07c0b6fca0d547e4d998e

SHA1
21459a0c6d9c3efe2a5244e32a1ff7019f45acf9

SHA256
4382a384b36e7e38f0453b514b2b5f2f5b3cdfe8a7a474df850172d1dd3feb5e

SHA512
4b9d4f3b959a5649040d703a44d7f01b4cde2076f5cbc3374fc75ccdec870b08c097a14cb9e541ee36a163c272b68e8c159fd4184907311d786ccabbdbfab71a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5fd45e332dce4893a433999e4878cfc8

SHA1
d40ca6520ceda53b5921b8f4e5b688ddba8d40b5

SHA256
205c301f67f00bc62e4ddcf210e54587b8e078dffa12f098835dcaa6d1559993

SHA512
b6ecaad58bf7d1a295eb00f7101e86743c142a6ba2b790b2d61220aaa919a6ac0273aeadc451290eae56cf84c70db2a36107d81d37306792c04e650608bcdd70

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
309a3216f42213c8fa5ab4673c643318

SHA1
49d87fb239993f4dbce7f7ac84ef9f8b565aaf13

SHA256
2c4eef9e19aa2e667d9444933c7d854ed8a6c1faba33693eeb6260f844882d25

SHA512
296a394a63ea6b8786bdd5e78e4324cd03f4f75b0a1b217293f01ece9e78f79f95bcefd782224b00ac635e2710ec1dc760cbbaf97636eb955e221147c989dd49

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2397.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2419.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit