eebfd6a74f61f0a728cf09094ac29927651ca6dd5a97453ebcdd5dbe458c2770

Analysis

max time kernel
66s
max time network
131s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
19/07/2024, 05:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5a9439d4b0da4d8ab2caaf2dc5c23b70_JaffaCakes118.html
Size

1KB
MD5

5a9439d4b0da4d8ab2caaf2dc5c23b70
SHA1

0685a6c8fb00f535803eb9b02a8fb9347f153f7d
SHA256

eebfd6a74f61f0a728cf09094ac29927651ca6dd5a97453ebcdd5dbe458c2770
SHA512

0ed6d59b1d4bacbac3cdd4dc0c13f35e665baa57ae5863946bb69eb701358579e5f509f5c6b3382d8ce97640442271e8c946a23877d4830d59c016b7018f4e6f

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000930ed985b08cdd4cb38e38023150682b0000000002000000000010660000000100002000000093d9ff5f1e22f3eb4fac0f73cff75f7cddf52a2c6e36076b11f845877ec0605d000000000e8000000002000020000000cd26269fe7a789d1a5f6ba5473d79a9a52b79afc86f85df874af93b903a3ec0620000000d646dd72358c3d2732484bc6281b47691bc7b0649d6b42b0c799787a8a9599ca4000000004afb41d846c2892d5271e0fd3f28c057f77061a9bb3c1211eabe8d1f198ecc4c8d0970f64d6d266ffbff54fdd584f805317c6afc65764df9c9e95fd44e92362	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9EC9FBB1-458C-11EF-9B29-FA51B03C324C} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50d9217499d9da01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "427527440"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000930ed985b08cdd4cb38e38023150682b0000000002000000000010660000000100002000000036cf183b5d16a36c8a018d865f26fc37ae328a0f746c1a8bb808fd3a41931ce4000000000e8000000002000020000000c5629b65c12c19091c6c78a029b4d2533641c5ee27573f9d3bcbee7459657cf79000000099314d94ca060913bdfeeeddb7bddb69637f77734470cbd394feeaeb69b7666c6fc98e46c717dfd4294f3302fa89d651aa8e3f5126b376df22fbf009cae0f4c72296150e6da5b5a280f53787d0c239e9ecbd86de1c88cea3fa9171069868e8d4b1de9af4f4b056c9fd29c602e9ddcc5ed7947a315561a71b9e32e0d22aed5052359fd501ff440d3866e23158ffee4b7d400000004ab3aa2b15b732cbdef82d320a60169880af05b23006ce1df5b5606e40cc3ff7669af509bb54d3e2c96bd2a6da547d9e5672eaf9b659bcb784ba695d6a0b94ee	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2136	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2136	iexplore.exe
2136	iexplore.exe
3044	IEXPLORE.EXE
3044	IEXPLORE.EXE
3044	IEXPLORE.EXE
3044	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2136 wrote to memory of 3044	2136	iexplore.exe	30
PID 2136 wrote to memory of 3044	2136	iexplore.exe	30
PID 2136 wrote to memory of 3044	2136	iexplore.exe	30
PID 2136 wrote to memory of 3044	2136	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\5a9439d4b0da4d8ab2caaf2dc5c23b70_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2136
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2136 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3044

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
609ac7d90c92c328c5db104f01b6b27e

SHA1
590ffc1352103dd49115719cf45ac3c4a0439765

SHA256
1fb169053dcffd4d37f31d98620e6606ace186d6cfc4cba57765f64751705bf2

SHA512
9399d05d6638b103cdc7dd864ec5ba2a357a5700fa63b68a9f1c93adb07af3cb3b817a4cbdc0f3b5fdc2a716c414631c050144372157b955b5bcdaf7d9a8b722

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
078c896e376dafd1cd0874c7775e445e

SHA1
af752885cd73eb840152a7aa6d09b42abd8c66d9

SHA256
e9c1a12c2551da70936f493c69e9044ea694d7ffc8a42bf5c149cbe4126e2a14

SHA512
a0c3e540637e3bcbcd1e5f07ad3089c753d01df839c187d40e7aafb285ecc4e052335d577cb7159ccd8c8855eb27087b052999e194d25518512081a4651b0c97

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9eb608a7ad6a0327492eadfed4e3adfb

SHA1
00dc0568534a849f2bf8aff5b698043a09b82f56

SHA256
f41795cd38dc959d4d9f691f795468e91daf05824fcc0564ae07ff007c2fca3b

SHA512
7667b2bc96a3686791b4dafa6098462919aad8e1ff72737e752508f1ac9a5587434a24d825fa9d0f2344dac8b5f095c014bebda30b89139656f8c5660c51a741

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dfbf714fa2ae09b76b8a95e50c74f877

SHA1
84be7f7f05a7051ceaa3fc5a9be6c306e0dc005e

SHA256
7d26da3258c7bf48f09d63b0fe699abff132df626b210ba81dde9e1a0233b0d1

SHA512
67934d8d4b62e0cd00fcc60a1cb9d3dd43795820f231d5900ef20005e8109f2d5584a1e8b3b2aa35e745043ae8ae3f503745cd9b36ed363bd4fd8be509b21620

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
035328bd297da01bf9df90ce4b435890

SHA1
289b7585cabf41c5e0e66a1abefc81c1b89874d0

SHA256
cfb012dff67d68f26092477113ae5cf0e443ceb8c4e71906cc756a1e6f5b127a

SHA512
dc002f1f6e954f8bf201c68438520ce55204cee4bd54ba9adc209e9abacb778e40b35f2ba0aa29a0eee1da880c06074211d1fd774d99a4b8cf178b0d72fb9530

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f4f1b6abf9dd7ed1c23818ffb51b8025

SHA1
bcebb75f3315a2262b992bf74e1ffa31843b0fc6

SHA256
7f13c72a0b130993787508106f4df6a8b9baee34b5c1857bcac715aeab0ffbfd

SHA512
020a4d010b8da4986276a3bdae606605da5ea6615a5d8a17bcfa62b72f8485ab41cc7346f7159bfd18e0733db6b60f5569b9da6a3685ed15b270a4c7fb6dd894

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
189fdd7486c6f9e7ad4340d858389be1

SHA1
d40f1233c586071527b3a3c4ce23d4fc6e7deff0

SHA256
96f6ca5e0af709483f64d426e190f95a7e6c9567c401e27328d1abbd7ba9f6fb

SHA512
644e3f1f77ec5716baf37359f1a7480a0b874e734500fafbd2d1eac6b13bfef6a9fa5eb42a56319debbacd70ee37926c48efdf036417e678a77b387a58f5c09b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3bcccdfd1be68d4da5695ffad8361a9c

SHA1
24257dbde951562a61c92fe3eed8ff96eaf8d4b7

SHA256
6611420d6f0db24e4293fca5e6cb19bea14b122d6003db185bb1a8684260f5c0

SHA512
3f550d383f2c72acc75693709a6fe1dc5dcfe7426073cc46279d3306e7388b1b5fd6c0d32d404c3e1ba9973e22970182175ffe69a3cb3a7e20e4f463f646f57b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
63de71629fb0138a9d5a969bc4275b64

SHA1
800e02060c0c78598d1d240d3492a8d281810376

SHA256
7e543a4ed5aee76c62aef22630509b93f29113490419a6b996694604c5796d90

SHA512
cc755d8a159d26ffebb1e4cd5ba62f4099e385b5d0f09af7d87e02dcdf260fdf0590bec306f88c923973ed49e663eb80a5087ebb134925a32a767dfe042cca3a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d9edb720736b056def214a673c375d6b

SHA1
cf8356cfb5e5fa32757e3d73c616ecc7c0d514a4

SHA256
1c3e9f27bb5af6d9d39f2b6fc6989df2c06bdab69572475f5acc5d74f9931fc2

SHA512
376cae55b7c0a1f18aced96d0ea220ccb554b0afdee17ed04bcff00ad6f19a9062ddcb1108aa50b306628edd6458f651ee9c0d06d12f9975aea2b5a6b58eb6db

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9e5921bee6f16629f821caded836d9b6

SHA1
eb901d611ed65ccecf4d3eb4342c7ce5efeac70b

SHA256
11e8d4ade8bc69640d558f7c572af99fedc57df8ff88aa5933d9ea25a88a8901

SHA512
af5fe4be95b1d5daa202baccea3a827c307d0120924279fedf8d831d4f269972c6153c168909aed011c0c60b28f09bb81ac10463c7c5a9b9e1d96518d4a55d9b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
89e833517234dd6aee9a6d9cfc81a69d

SHA1
4c58e0d88c683b90cdd1feaf4650bfc18978bf19

SHA256
4cd048224e7eae135e59aae66f32127ec1b669da354b6c04659a62bcec2582f2

SHA512
b7e61fcaf218b78694956bac78f476523bfb688dadefdc384d1e6da55e1d43aba297ec875d58e62c58f1a944ccca58234ddeb6f5cc74f8ad68c817792f545a70

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6f2b58901c6266e3c729113eacb464b0

SHA1
5daaa4767344c2f2197211283bf6bb723002c999

SHA256
1b1822fe5dbd74b3f1d2a0fdcd84bb7b3fbd7197822d8d43dfa332f4c14aa492

SHA512
1d1c8797400c1c551a681195bdd36629df9770ca5f6c77f6d4809fad2fac1a77785e827f97090bcf0aa32ca9d3eeb92b3eb152c255582be5481fc8ddaba35664

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
eb135872189bdf3aeca1a5e9f4866390

SHA1
bd0189e533e649664081b960d24082602265e1a5

SHA256
4d887b3cb622eb9b1e2fda6870a6a11f36843a528e8cf3205bb9ef67774a3c9e

SHA512
298a3aeed7d0bd51d5a64add9cbb8339fe0fd52635f4935dd891eff1b2c00da3680a1bdfc9c7458fa03d715fcb8d8c3f8b6448743b9d574d171dd8f1655f6a36

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9d0dc44618d05a14ca972a386abb8c35

SHA1
f35f126614c79f5ce5a332574d99bf54acee1916

SHA256
92426d7c868d41adc5e8729b17832ea2a6a3d6fd3f0b3bd0b646e23fe2168152

SHA512
0890b9ef4e1674a9b20696660a9760ea2ff02401c5e9b6368c27335346782b47d4ae6850a4bcbcce05f3c1866fc5dbdc06e68b03f6a43e33faf272f2646d3e65

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1096696306391ae220cd2d1fd3871dd9

SHA1
baf72c25868246d687c0785b3720ddb3c7ffc5e0

SHA256
de7ef1bfcfc42be298d43891c6b678b92010939c5cd3fc7106cc96f5753d2c2e

SHA512
a146671ef094494b8806834401223cf2f0572297cca9a1db636f57678922d45cf286eee56e9fa96f9be6781e2717c7cc5e3906aa2627c12fac4942f6695956cb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a21efe5bd891c590fcfe72448cfbb3ea

SHA1
e80677cac0c33c1586e102755deba80afeb63094

SHA256
e2d1fc6fe0d69cba334a56d5ef1f983c9752968549a1551e2b6ad0f3c7bfc6c0

SHA512
5b5050c0e6a1626b24060e5c8fb644bfe1060f4036d4108acadd9d14bc73f7f491c62ae0ebf06bcf104d43ac634f78857e9717a25a7253a02e721641bd326663

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabC555.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarC577.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit