6b67e52b094c12a7349b18548c9b97b14167b64f100ebd487157fd3a52da94c6

Analysis

max time kernel
68s
max time network
136s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
22/07/2024, 11:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6316de796eff839eaefeb5390ebbfb1d_JaffaCakes118.html
Size

4KB
MD5

6316de796eff839eaefeb5390ebbfb1d
SHA1

7d1ddafa146835adf6da0e3cd569b79f39f60559
SHA256

6b67e52b094c12a7349b18548c9b97b14167b64f100ebd487157fd3a52da94c6
SHA512

f4232ba39673523d8867350e8b314c5be07d6f825d406cbda3c1ba268a5afd22b90a63eef337c7cb5486691e787a27e1d3e6ed56d19ff405a488f987a0935358
SSDEEP

48:rrqgErfWDEPMjS5MoMBa4Mlu3rPCOebz4DyQuht0i5:SbfWEP+S5p8aDmrPpeb0DYhtZ5

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bb7c5835718279428690b074aa627b7000000000020000000000106600000001000020000000ea9f75b26ff17a9ab806414f9714bec651046d63e8b2c1f1044556b4808269b6000000000e80000000020000200000001b7841cbcb130518fc0a95337b192f9aa34762c061ea72c50e74c36a496ca9b82000000004e4f5763f20057a37190d38cff561f2da6ae70c4e148ed644292ac60987005d400000004c1a2012159716b9c2e4e0a1f81bedbcf3198c9538dc88f340ae7b4ef91ffd07051fabdc668f69831860a0c5034223fc371118e0296cb1730dd02fcb4fa7d684	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "427810550"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0c6bea02cdcda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bb7c5835718279428690b074aa627b7000000000020000000000106600000001000020000000eb0523b6342db5c8841735eb1b5118388484930e81aedbb767cbf2ccb631a867000000000e80000000020000200000004df3e75e5c1718a31618054605b8eb427135266dc0395138bda3db282de28507900000005bf914430e48c0b9f0ad18ed578882c37389b8b6c8645d331bca82070c3c948bb707c0827c38d1fa975aa340e37a76944c8d3885a3a67b43e24644d3d665c4a78dc3ca16b33028a9c634a035555b1a5c7f41670f899787ab2b25a142365d24ed18173185e0c2e277941042babbb3961d0539052a1edb0fcbe1f157a18b947f7d030c852a4d8a81a5235f7788ad58641840000000608fd309a9a133f111975469baa38bd661dd27c0071ed65f3724dfcc277b5add7b3814222075873e4403064b7915412752a2c0ef91e73b8c1bbbbedf825952c4	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C8B9A391-481F-11EF-880F-D61F2295B977} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1848	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1848	iexplore.exe
1848	iexplore.exe
1248	IEXPLORE.EXE
1248	IEXPLORE.EXE
1248	IEXPLORE.EXE
1248	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1848 wrote to memory of 1248	1848	iexplore.exe	30
PID 1848 wrote to memory of 1248	1848	iexplore.exe	30
PID 1848 wrote to memory of 1248	1848	iexplore.exe	30
PID 1848 wrote to memory of 1248	1848	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6316de796eff839eaefeb5390ebbfb1d_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1848
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1848 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1248

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b5e75cc0bd9543b6d4b15531aec23323

SHA1
c7f42bfe0f7815a987566e18b7cd1ce24df9e4fe

SHA256
a2162cb3e53de03cd4772a7370c23fbba08e297d6480c104ba64e46d6c67e5b8

SHA512
3f1b1be0896f85246351f5bfdc1215051b1b02a98a56885f188b4761e5a3c6b80bf40c13389301ddf27cb2fd7a24edb52e815dcd6464fa5107fd0222479c4b2a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b034d9fdd47aa6671aaa940b87f67dc4

SHA1
4b92caacf90e6ef5052e7acbb47c1fddbee47b9e

SHA256
183e30a6b22d9083abd8fdc159be5b796ef7eeecd9739a93106e4afbd0d71233

SHA512
e462ec3d776ac10aaba7401aae92817a3a0843d19b49e88f6d84744e451c6cbca85d7ee559c7861b41812b0090917f47f36d81728571c1c1ffb6ac623d55d443

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1b2346589ea357233568fd20f7261703

SHA1
abdbf37078ca7e293e8065ca683c72e052704ed8

SHA256
9ae9024e7d462ab86dd96564bbd99d14d1f8a14a3c120fc8b5b151f2439223fa

SHA512
06e71b34ab19d741c78e684d9995fdb92b0070b4d9fdb3e21d8be925be7c300598b413a18da54dcfe54aa037ebee04000903904eff36df4e84218460dafb46a2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6813980478f0d02341477d8e6040d9c4

SHA1
7a5fa3ce36c763f895e938307d3bed2b754d0233

SHA256
d23ee12028b589ae5f38a5b28f8786b0b1a3ca86512fcf98a5c0b2ce3d5af0b2

SHA512
f759a0ca3db6fd23c04d39c888631a49d811fac77355b486efb495f2a259c6125c7cf567c029a1589ed6d66b2fe047c0d6cdc811cef60d3d05e1df3d63a1a1d1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b63ce21e2ba2af0635cfc14735bdad02

SHA1
92a8b9c58ffb40220e93916ebb696e7823b16f59

SHA256
66709391f697da603fc7246040b0864782659012a937d09522aa19582ecf4e5b

SHA512
4d72a5dd66ced8200fee7e0318be7b9c6a8e57b4c52b9d8a655d40c4c8c9dffe4a100cb56cb3f3f482526bd1f72ce68c808f67665cbe8fa512861b7876ef3412

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d83ec8a48bf3ba98d61977b82c88960a

SHA1
8db039277f9f25b375a3b93fcd10b8475245fdb9

SHA256
91890439783813ac4a568241d2f2a94b837d8a933b2f50a946c5fc81438e70ff

SHA512
78eb4ae7e920198fc1bc185d53d39fe0100b04a45f810b04cf70b81bdcaffc0be08bbcd391264c82f02674948e949bde9cf05c86e220d782b7250b1e18a3b385

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d87de06b4baedff007b26dcb8fcd1299

SHA1
d239c1c3bfbe47a75113efb3f2c066d62e7ef8b9

SHA256
8bbecc11c826245f5ee7428eccc138032bc604596d9c16e0e33de904c490e6b5

SHA512
8390d0e053ec1e7c41a0e5efa2a50796c63e1b518af27011ab0383792ba7ffbb0b06ea14e8543a11a0877b2b21da7755b9b5a1e2da754814996049d9f9d83cbb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7f813ab9c7d41d4a1c244679914fc84b

SHA1
ca5c760615ae631ef7fe70fcbd24ea110b358e23

SHA256
f1f4016a7706c8e3947e2e4eb7bda2e78ee748db80b5f8120cfb479c52e2715b

SHA512
b7bc80f4236e9aaaee8c7a1cea0555a04bd3b31d3fb23a2f773c8b08d6d45ddd6d3c133bb30731ff4359c934f31decf68573dccf3684a7127d93a1d855bc9222

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a1bbe74cd13778ce9e8e12fe55c8da01

SHA1
fcb7388e8aef18b61f4b5c90b4526df77ec667da

SHA256
52867cad332262385671cf554ba71d53f8fa0a22bd6a2de380169a3b5007bbeb

SHA512
a0099e3c520c98a0e10acd19414c5b7d31da109c072d04c4efb26e5cf96e59f8830181c77b02b2830b049ac7173ddbadff822d3590df656d94a137b2d33925d6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
767517cc06720cb248307a8a8c022a9e

SHA1
67c1fe3c842f6331599ac7a6fd64438336239a94

SHA256
08e2d02c26a24e8c79527c289f3540a4df2a92bf3abe1c09868f746c5fadc3c9

SHA512
7a554f8e71ce8956f7060376a524a6845ea75a7c3be1ac4c77f329cb8328154b69a664ba182dfec14b64562036e026b79df1ab16d17453ced28353510eb9ee77

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
21a20688b3ec7a1be1f6341f9e025c5d

SHA1
faff681b7a95adc20c525582509aa182c6d13542

SHA256
418395d74e58e72ee19d409303644e5b359cc30f85bca577228e137c156cccf2

SHA512
ba3f8f09908eeb0da4ca0e4b3d93312d221ddba841f9f7407b75781c14b68981c27e1ee81e37361f0d74192f4124a9dd007c653e867d7ed6f371b9943a4fa49a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dcec26be3d42d5fc3347e7b7a2753b2c

SHA1
a484167f27bcff456df23284359cff1e3c9267d9

SHA256
771341dfaa05063f6103dbef706f04e4ab3f723cb5b929ceedb9614c31669ea5

SHA512
598376693565b1eda92863d37d614b6bb89d008f5c1a46b4ecc87a7cc8ebea738eff3dcb6357675c93c6797d9601db6ca463768a0efaf0ce720c8b6048978edc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f0d55ea6ec75a958f0c4f45c14677216

SHA1
7c13b9c316069e67bbaf37e2cf791e40a85dfa2a

SHA256
ee24da2ae25400e1a1043d1c0af92c943298a15d3833836f559b711b5d0db5eb

SHA512
a8dcfa0b829b00ea3f5ef8c6d04dba316d071963c0d30c1014a14828d8473f7409bfc1ab807fd99a0971c231242b42eca5d59d8a1c79c1f7cc68280ddcf77546

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
00100164eb1f1b38a7a5348f066c5c35

SHA1
8eb0569e53c857eac9967ed217fb6641abed1c2a

SHA256
fe736b1e772e2b1a096729543f43db7454ff99e04d878c8db2f221885e33396d

SHA512
87c74e6bd7acf77d1716ccbc26ac3a5cf07e5b5b01002e18ceccdc7fb37dda9470c715be643195f382524e988434b047b99e9ded89e56ce23eec60f8a50f38c5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f2b87a17813b2ff8686cda16db26a956

SHA1
b4831e30734de5be2750e0fa4dc84aab7bdca84a

SHA256
1a712230f0868136d1e748b444f927355c442f1966e5d77f2e036202f8af604d

SHA512
eb4b56ddb129fb91b570b23f4f6af5047a5733bf1ed899ee7450312d89309fe617a53a7f104e1017bc9603c788acd98f61f6e4f21896aacc69cfbdd30ccc0a11

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
abce43a3569cf16f7f0cb4b5640aa505

SHA1
410db9c240e979b719fd876208156f568ad0338d

SHA256
e0cfeeea4518ef9287303c8a4be179c3b1fe662ba5691d673487c4c44c89e4bd

SHA512
4751cae7b79e5b1f94c6bc0877ec633b55858bcccf406538e2e2488aae0e2494b37b015838f90c61a0e473cfbb378c06b1bc70bcc24883364ba48c24f5ac53b4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
10c24328018a52a21b35d261b3847cb8

SHA1
7d770fb3c20a3256f0080afb8d9f9c6af0fd7476

SHA256
ba5672b707c9e3e3bf93a3d66d7c8796de93e4f3a623dbb3efa23a41058b4ef1

SHA512
ba428f61cfc6eb8dea292afdbd96c3a49f755b4d01e749c9899f876b0946496585b9eb5254a4b815327c5e3031e69aad2f3f75266c0fa801cc747af9401d6166

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabC7B5.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarC864.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit