24adbed84bd8866158c7df6f416fb2c79c3c0fb53389aac8b700db3fbe427008

Analysis

max time kernel
134s
max time network
134s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
16/06/2024, 19:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b4db0e9505bdaa43de7baed8fbc8f45e_JaffaCakes118.html
Size

35KB
MD5

b4db0e9505bdaa43de7baed8fbc8f45e
SHA1

cce3ea1d298efec1938dad7df7a441a55c31dc71
SHA256

24adbed84bd8866158c7df6f416fb2c79c3c0fb53389aac8b700db3fbe427008
SHA512

25ed65d89e6e7856f8d5fa13e81b927e0284b955d87615ad9a19cf90576cc1f0fb01c17567c4ddf7840b98f53ef6053923f4723a0e2fabf9f24c5ca20fc8c265
SSDEEP

768:MW/VKFvBxq2AY35vy9lSb3ByTU/WiqQQZeG2pjAoxluHpM:MW/VKbFpEM

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 30 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{ECF536D1-2C17-11EF-852B-6265250A2D3F} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424728542"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2764	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2764	iexplore.exe
2764	iexplore.exe
2148	IEXPLORE.EXE
2148	IEXPLORE.EXE
2148	IEXPLORE.EXE
2148	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2764 wrote to memory of 2148	2764	iexplore.exe	28
PID 2764 wrote to memory of 2148	2764	iexplore.exe	28
PID 2764 wrote to memory of 2148	2764	iexplore.exe	28
PID 2764 wrote to memory of 2148	2764	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\b4db0e9505bdaa43de7baed8fbc8f45e_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2764
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2764 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2148

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d07173b68ec0b5482676219bf9d99a8b

SHA1
a02e485b7b18a2a9c0a3c924829907ddc8990407

SHA256
73a07a26ca7d9607ad98b872130dc1b79b4f23c99cc99715492359d5ff445352

SHA512
849c5645abe1664f834df05a36442361961cf6892d35fa94b8dc969edfe9c9b410d48a9f0cffdbef55e22224e0ccd6260350ed084192b391b4cf354dc5d572e7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3d22c16f1920b9bfad289290fa98b79b

SHA1
b2530aa6429c52c1447ece0c3f30d49ce326f1e3

SHA256
4eed541a9f47fbbd316841ab9a3dfbf0208f24c9099cf5bbf8af0246ebc40960

SHA512
27063471db95817adc163de8308fd329844d49d6da47d5255eb16f363769172c71d113d189a0a9ca9b5b1ce7bbbe28e8b178d4f1aac45729543f648dfd5823db

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
03d4b257e1f9047290173f4a37a8d71b

SHA1
0a7e0b14e64db4b793de1b16a8157e5d448a2919

SHA256
fa2ef3cef874509cc14dc58b0c77f0985c3ae1de474306343e21bae1c5ffb9cf

SHA512
10519a305417e26bf1c59beed62f7a51dc1b1d45eb14a03d7f6cd933a67f498dbf8e2bf01b98184a0b6cf57ca1bcceb7c08dfcc0e73c7ceb56bfb046076e2c85

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9635845dbdcfad7d205fce229470c1a6

SHA1
3a45e7e10c7cfc62401938b956387674cb6d7cb1

SHA256
f1523c0e8ccebbb2f101d1c6755989e2348610e43480b12cc7a357af57f22fa6

SHA512
6cc1143fb43727acdd589c37eb2fedbf89c58f120f0e8305eef4aee41af2305b1ee3772aa77472a65ad86e1929a9ad78bf9faeda97f076db893aa7e0ffdd07f2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7b1630e935b09b1a3bf2b0bd7ad49567

SHA1
1e3f97280a6866d917003eec41204e655fd2bd2b

SHA256
96f906fbdaca826e6aff62f1519905ca29ed30d10ec8486bfdb9ddaf6a8c6217

SHA512
a39b058c318dc3952d003ae10cc8b0de9788218d75820a767c72f0b86fe44d03b28b62b7dbe552e61c4d5bd98669b7fe1bfaf87556c81a149d465686e5c3cdc7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1e7d0fed8dca3163380d1846c275d548

SHA1
29270ed4e22d72ef82fc69e50c79c654fc368003

SHA256
06b1cfe0187e38a8f8d5abe0a16e590dad5e92eca236b9113b346af66ea930b1

SHA512
0af96cf6d3b5358d1ee78b84390d2f8da0b6f5f43146808d634bc18f2f605301ea8898428b7a3203c7e60a4aa1c7d9eda41bef9f3f3227160554a3e7903d1921

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
19ad5d256bb07003fd945bfcba7ec208

SHA1
43c12310e181ff61e14ab962add63747cef4d30a

SHA256
7e5ebcaeb11bcdc833982fe2eb09087fe4f5095e656c00d81545f91febaed46a

SHA512
6f8c820226926763f93c216ed293e5f71755a729f32771666b3bfc527ecefaec346deea93448ada609c4df05a3047751c55487cde3ec1e15b6fdcef2a60b911a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b65b00ef3a37e816465ac90594e3c270

SHA1
d499c374844c739d36931cf3a93f6982bc679a6b

SHA256
192e34a96ad73b122aa7084c922548a1a8f538a37c22cac810193ae3e941d913

SHA512
bfd338b267fc23605c68c9d04a689119d3eafac5c162130f09d496e47904fbae9dd237f42a8e6650e7527826569f19cb66371ff9defeeebdbbf1abbeb6876761

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5c8661747613b2af8f1c731c7e99412e

SHA1
2c55aaa2d103e741fc5f4d68cbbdc4f182f3c0e1

SHA256
8d179164ef04ac9cb4d582a67227297be0e1d06c3b750a57c78fab7f94090cd4

SHA512
0a99af03292ea214106a3dfab2ad3ae9c8a30293c2a8737ae99eecaabb657bbc4a9ab143ff9c63495c99579f82913bb77013b829f0b9617001e8b1425acfed53

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8631afb9b57cc081a0ad3b7505b378be

SHA1
828b96530e10b5ce138b7d8bd534291a378a75ac

SHA256
721a293f11ec43ffaa28b8227835db6d3f324530a3ab22093f54b847073a15e3

SHA512
a66f378af0c6036bbfdbb2784a28e43cd093c8b6fd7f58a689a2e2b0534590adde71214a5e2dee1dbba287ff7b3b1e798a983f193e44d468937e13f2e3494f66

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0ed29227bfae83f73e07c30c02ab888e

SHA1
9649050e59319dfdfffff34d05869a43fc2578e5

SHA256
7f0c2fa34facf8284bddbd302345a9ac36ad3c62dd38eb4904530c3b7a452a15

SHA512
d8ec5cab7b8b504406bf47bfeadfd63db552442094d6a078cdc6bb1bd3f9a2c8240618466aad2e13dc94a793f796873c89cf731dafc8076ddcedbaf2f0524e63

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5e825bd5c17f09fbb361795025313bc3

SHA1
575c8e6851d2d74a9cae1ca499e28f8e6d6b6112

SHA256
fb76761ed74df2e939e39749fc637e369d81fedb61e6b83f1c1e44ee10068271

SHA512
b973e4570bf703822e878a6a73c697032ad5251fde979404a86c45af5a06f61b449a9b73fa0f831497fcf41d73d6dbbb95d8e651b93efdef8f5432319f41cdda

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7e408e71f229ac56a0c196cb4e533a46

SHA1
a54522e1e72d406a7540ec9283bcee8ce2aff306

SHA256
032abf4e681220c79955521d2d7ae2392807ab263e49443d2f2780f225e743ec

SHA512
a497bde93698ad528521f7677b964cccbe6cf8206a39a839341ace45c90d076a0a52c015601c2a14d9aba824da82f833bb56a223ce30a3a7772b399054fd90d3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2130c0c8e6acf8a7147e23ef091a19b9

SHA1
a893ecc0a4ee76b402f18516de0316aff4f3a106

SHA256
ba91826feb27a730155c1b566cbf7ff85865040bd6ed752b2d9f44cbfdede48f

SHA512
1d119e77d82b82a051bb451d0e624401e49f26d58f07ed2ab7cccb31deb3bf5041c65920186a664ebc69ce54a6e29d7d07f152f74e6cda88b01f001a4c149b00

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0a5b47b7e4200b8ef6fc4bed8841759e

SHA1
025dd01a37539f931929d719b9067de3b2b3f21e

SHA256
61a5adf5016416b0ae60dccc385abb04cda417f057857e2d27e6af0965f7bb4f

SHA512
b2bca07de65bd48d2f6d74df25c2d92a83499e26445e5c073be0cd9c3c7e55b2385031e60f2b439249cee955a1a00169c688ccb6d9b8c546924f930b4acc5f8f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4bc0d12742636256b20cd0b78cbf34ea

SHA1
0ef945208f95817725a3a8f3f60cd93d6d3ecb8d

SHA256
beb8dfc6111bd23b45a9a2edcc854ef1b8bb97e3f841f11c010df13ac6b2f175

SHA512
cc06afb8377eac7fbba9918f64e5167a06b14f9e9788014ae8d8564330d05fa75823dc44076aa9d64bdadd0849f99a40b5af8c45c78e4f98d8f7d50f12de75fb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b37aac9c8135ad3471d056a4a105b7f5

SHA1
a948cec4e6baa8b00299f521faee7f3557899dbd

SHA256
0e49cef3817730bec429ae29ad7957ce60ad3c4ae8031d7d2f8ff03f43da675f

SHA512
e01ce2bda178f2baa1dce8434af0bc8eb60a68362f64ba743043ee8d10c1b616cc20517ef86e1c25f6757f5b5b8fd17e26ef63587870a54ebf6a8cf50b925402

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ddcb222be30a1bb2536c128a46b64699

SHA1
0e94593e0fa8df50f9af6bf79cc8dc83868c6dde

SHA256
8493c0f31f1a12e6be7c87dc21cac718718e5ec9b8dc9a059eb8e0bff7811fca

SHA512
b62dc924f26e2b05cffde61fbe29bbf036378f0ca14dc8ec1bad26116658bab8b63185dd6ebf4c0f78e7e34b285009471a5a21d972d44f3395a7c79a79460a1e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
16aba9b72de9450a368856fe5b8e5584

SHA1
d48f0ead3caf456af5d71786c98d933453adaf11

SHA256
4a065bd6e231b8173902ea80b107643af2154739f11b5ac2ebd42f5af9e4f6be

SHA512
b0dced7700e157fe7c4914983141456e7b45d07dcb31859d43a85c9f3c44e9bc31c53cbca5dd74576bd03a65f6412aaa95e9beabfb85f0b80bb9e927b0121419

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab25FA.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar26DB.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit