e90b8d6fc85f8d453c3ace5c4cf30c1e29346fe5bb3c774a94c264f150ac59f4

Analysis

max time kernel
136s
max time network
143s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
14/05/2024, 08:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

40e5ac238a2a1b469c0a0053de61ea4f_JaffaCakes118.html
Size

213KB
MD5

40e5ac238a2a1b469c0a0053de61ea4f
SHA1

31153588b8c3fc9b6b35775164952ab4ed399b86
SHA256

e90b8d6fc85f8d453c3ace5c4cf30c1e29346fe5bb3c774a94c264f150ac59f4
SHA512

f1bbc9a57c652d71fb3eb33fdfb967f2f210d91a3857957aed16d66c03a23b9b71b62ae3e1e087ef5616f0f42209845d4261674885a1dba7c75a4cd7d23a75fc
SSDEEP

3072:SzJsemp0ypKMyfkMY+BES09JXAnyrZalI+YQ:SzMixsMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{37F234D1-11CE-11EF-B671-4AE872E97954} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421838155"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2460	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2460	iexplore.exe
2460	iexplore.exe
2116	IEXPLORE.EXE
2116	IEXPLORE.EXE
2116	IEXPLORE.EXE
2116	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2460 wrote to memory of 2116	2460	iexplore.exe	28
PID 2460 wrote to memory of 2116	2460	iexplore.exe	28
PID 2460 wrote to memory of 2116	2460	iexplore.exe	28
PID 2460 wrote to memory of 2116	2460	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\40e5ac238a2a1b469c0a0053de61ea4f_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2460
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2460 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2116

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
53f31142be6476adfeec19638ac4a349

SHA1
7c1590590e506b513df58eb4d06bf67c1030418d

SHA256
a3aac938ca3f845f84353ce95004e62a216c169b83916157bca473ceb4c073fb

SHA512
cd6451a3ca0ce4e69b212e1c4db3c0b33d042f259522a8068a1efefe774b91ff79e939831c1747eac2883a20801d5a20263c3f2948c8dbb50bd2241e2fac3ce3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4b9bca8ae06edc54642c2e8b7931e691

SHA1
d00c6525926705b6e6de8544fef8f8d903a52185

SHA256
1874b17be9125856c43f868e24cf2ac721f937a553a0abf2b0d80d78d466bcff

SHA512
f3d23cde41c7990e069501660b04c84e8477dd815aeebb303879a203039a39460121fb0efe5e4182ee990dff4c9d6a72e89f860146c2075f682388528c7261ce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d9d92749a870582d280218689de7cc41

SHA1
0f80147cbbe19d22ba23865b7c53cbfef363a490

SHA256
4e7801628e0521f57810d33816ac0afe7398567f3819149014080904fea82e44

SHA512
f6f8d289037b6d6ed45d2f561a84fca67892553acc042139188a7c22393fd3f5f0db8cc04091474b54e3d81ce8ea151a0a1e2fd07f35ee483989e763efec600d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
83c9239070d98435ded0123b5899e019

SHA1
f925c1bc51f07d5feb908cea380dc5ea9bbd4c1c

SHA256
3148c8e82d18407068391166df1c076c2410ce1784b1c5481a511da847f6fc53

SHA512
c3a66afad50d97bd49d15215da0035ff59029b9cce635bfacb49fc6c8d7f78910552f0c65ccebbaa1dd129daa6ea7d61c4f07681cf452a3fb0deb6e69006c430

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3ebf88a4a199d3fc2098295a334d7e9b

SHA1
535a022c2f9d6db0b647c310ed131e9a7c9e9b24

SHA256
546f3ff3aee09b193bd42679d693ebb13d374c63fff88fe68063df2ce02df7dc

SHA512
46a214b5e5f892ff0bd76adbd71b83bae3fadd1938a525a50c3eb1f2f0b9dbc0b318b55d1bb485cc6c499be2b09e94e426e7a8ccef4c8134c7da071b28f62d13

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3bb551fc7a03e43f29a1a882abd4f110

SHA1
1d66fd28487f1010dc2e6b692cbd28510752b07a

SHA256
d78ff113d8d2a07f94980b147e5bd3335c4aea44298db742b8cca6dac45c8328

SHA512
97cc5846ebc668885de455efe661bc161da19caf60d67b97f6786e684f91122e384087faa2786b9a8e63ab5ee3847ec5b657963fc5113561a3c4dfe8e5fa1792

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
785662e8efdca69a23f01f50243f0900

SHA1
9be7ccf7ace51214228ba4540f4f05c2a2e36506

SHA256
1ca8428c4dae3040098a55b146418f2a8b889ab95734e78cdc78f37dd4e36776

SHA512
89e4a1b5e3ad09f1820a89165e884b13b2d5712da15cbc8a8db3ff3511dbfe9269264fdfd1244ec48724edd1b2d3881fc44ab0fc92c5e91ee00da59aacdcbcc1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bd94d118a79752dc098c0733dfde2cd7

SHA1
5e943ab35d0dce69bababc3c16adbe0dad569c3a

SHA256
f60677dff6bbb5b198290e2e94b808f620bfb9bc91826afd6423a0039483e88a

SHA512
076344dbbe8cd3633d33fa6c5d50f427c84a94278684beb0e4b3732dac7d2bacf05282eeee208e825384218dd3ec7f60523d6f6070d3caef14f3be688a9c80b5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7736290388e5f7f6bb97461fd1e13c57

SHA1
bd0b65e178d4f05ee9751840d324f7ce484c6e88

SHA256
04f2a9530c43925937159efe8fac4fe0730a985ef9e6a742db6adcbf412df10d

SHA512
c27230bb56b3f67544b077e4ea7e06778b72ff5288f3a85d2c6efdd528530d6534f14dac429e1eb3bc36a29b593213ec63ed6f5ed31aacd120310abc8b63b116

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f511bd00d3b8b13e80e9d15678e04e05

SHA1
557c940efd0131ba9270148331657fb6dac03130

SHA256
28c3935cec6b055a08fc9c209f1a275f21d06ac6a4c0f6b21b5a02d62e71edbd

SHA512
ff3e4b67a8da751cbaeb2cb1896e7767a6e6c1fd2a0865b3d15618b65abd577c1aea5f92ec4ff853ddd62da1e79cc0ca9126623bd78c616846102442929f9e22

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
144212873c057f4e31a7ce699e401ee1

SHA1
18834db875c3c6a684e7eacc74bbcf78a1183c3b

SHA256
e4dd0f8215a8f202f42464e02909cf062de817fee6d01b64700b0d326f007cd8

SHA512
2b8260cf0a8fbc8e829bdfc55f0d958f4669f1d42013eedafa505955701a5bb7fc21b21f36a60fb15c0ca907feadefc1d39b7e2656c6e52112c59bd3de03f5c3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fdf634cf366937e6361f0c97ceccab1e

SHA1
170e601b8176b1eeb65528be9b945266df957ce9

SHA256
a54f2c4a33ac128337e2586361b16cdda1f4390d099dcd357dc21e79c970f699

SHA512
73406b472eb981b2ead8765799f8bdbbb094b2ac9aee797954336bf14088b7ce144632e133416c08532e0d353bc9a00f6b7ae054a56a970e1208bd3d9bfb46cf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6daa4f45a9173d331a9bcf654bb1ec02

SHA1
9468aa547ae36f59cc5702377d9c8eca6ffcd8ee

SHA256
edf4bd18b70940c41d63555e3bd76c74a55f6b670231210b8ef6f3bc7092fc2c

SHA512
14a9b73ee954bb0769a4e7af251acc735cf56a7079afb6f149940c8bfe5707c7fd38545a7b10c9fb11b00f9ab0a3de3d7512669c3590f18acc6fab20d0ad08f5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9ccd1e91851c18d3253dd2cd9c8f7316

SHA1
44ce3513ce96b11468397ceedf1e31326fe1057a

SHA256
c6599004c6002e3221ffb0a49c8257cc46e6c64e99062dec17480f763139d1da

SHA512
d0339561573d0bef89293fb99ed377f30840721bf4b1c83a7c41d993f156149534970d634d38a0f761ba7bb79c1a4d3abf07fe0216db4fcbf66d72a754455842

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b2923d95d37fc421b6a521791d854337

SHA1
aa249663c5dad6aa95628843dd89769a12e4e720

SHA256
f2c70a5d8e0bc115b6b74dd0fd04a88d350e549c6595cbf02cba074881b48f7e

SHA512
712c6fff8c15d7747eff63d8a6a79c4b0ba456946dce3c40536e8f9b5b5ec586fa548af79f0fe7238177cd6ed5ba9c89fe43f6689de61eabe50951b4abb406c3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cf58f576602707cd72cef4ae22a7b082

SHA1
cdbc14f4b40594d4294a0e2e516b9a2bb7bd22b0

SHA256
b00285a749caad5a7e3afcdb7745791c99b16cf8086084e6f242599b997c495a

SHA512
c33f3713066f56ef2d56e089fef0e0f5631ddbac4053501f1a35df150985b8030dc7f3b1a163429642f512d77f9ffe968ddf1178737b3d8421672f088fd49ca0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b58b949662133c2bc2a11412b7f17eab

SHA1
bb766aeee5eb218ae82b6e177ba95c0cf28c6b2c

SHA256
5387d9f94f25b2402e5d390f1bc3ba7dcd827aa5df7bf13fb305885a0f309105

SHA512
7f4c63689b548eb5e6a9d9f3f115dba958c04f3d580874d8546b4a1216d71e3f0a1bb0c8fb9ad83eed7b8a24d98609d6a3f25c8ca1597b1073796d6f6d38b56b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3e4e213e6a99d040777d848baa0c1704

SHA1
53bb90023813318faba2a4f9b07db86c78e1fa3b

SHA256
585b91402aa48767374c04bd2af94d8eb9907ef23603d419b39dc63ec127085c

SHA512
691527edca7e9f992dcc5da66f63c83a3f7f8ce221679931d6c32e17c16087f9da54f205f12aaaf6e6bc00ded317e1dcb1e007b7e1a2fd56504e7979a58a8757

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8e71675578edff76e0a8888f153501a8

SHA1
a1df8a5f969532c6134c480917329b1231349601

SHA256
b1ca541aa3c174a1f0a9b50841d905f1f1ee7f97c8a02128dcb5c7005f8dd8e4

SHA512
411da4393136f23563c7986166eee1a83a5cfcfedd44874f7f0e8daeb4309988ccedb12519e508f9e901eeb868ecb46739a54a1e74096be1076c95da97eb0b9c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab988A.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab9957.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar998B.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit