785f1a1e392031a62ef65ab3f294661f5783a7c23249c9256d9dc374e9b10e41

Analysis

max time kernel
150s
max time network
150s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
14-05-2024 09:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

40fd71222ee4effbc031f734e5846b50_JaffaCakes118.html
Size

27KB
MD5

40fd71222ee4effbc031f734e5846b50
SHA1

a871b25030ba1278d08acf15efe32143e36b40cd
SHA256

785f1a1e392031a62ef65ab3f294661f5783a7c23249c9256d9dc374e9b10e41
SHA512

77ca048a5fe7ad76d6a90feaa707e07e6007a3cd59c09785646a031a6a621ac52ad3d27f4dd3446d6748bb1edfa0f1c17b9e0712dc2ec6344f64886606fc1088
SSDEEP

384:jSIWq/TV4/jIBqqoLsE2UqW3CxS1xhGxCexr2x9Lxmpx0xx5xxxTlP5h+LiJrEuw:jSIpIjIVab37FF8oblhh+LiJrEx

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421840269"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2412F301-11D3-11EF-8A73-D2C28B9FE739} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2740	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2740	iexplore.exe
2740	iexplore.exe
3016	IEXPLORE.EXE
3016	IEXPLORE.EXE
3016	IEXPLORE.EXE
3016	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2740 wrote to memory of 3016	2740	iexplore.exe	28
PID 2740 wrote to memory of 3016	2740	iexplore.exe	28
PID 2740 wrote to memory of 3016	2740	iexplore.exe	28
PID 2740 wrote to memory of 3016	2740	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\40fd71222ee4effbc031f734e5846b50_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2740
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2740 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3016

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
eb8e603265b472167c1f881a938fdb26

SHA1
80038a8764610e7444e2a1334a27ea85e1f576f7

SHA256
911a9cf4055ecda6b9055b1ddc3fc23f154601f5040c8161740164d13327b696

SHA512
0e2aeb1ee89c70649561d4c62bf598a7be599d04456f24123c5501ff02ca29f1de783a3601d77d35d596f657b607f85bd194952a7b869413107d660600844672

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
49fb68c54e7fc52c6a373f3dc7c105a7

SHA1
c11387db9f25b7c07e2eb89f46e42f45a2588c6e

SHA256
8120a073e818c6e4f43ccd7de283f57cb1b00959faf2770fe408ae8799674def

SHA512
6689c2f72caf825b987d1b83e06fc2b16bdc9c48be32bc81890cee1023e6321f736b5ebe2c7e076b6e8c3b956fa42d1a565ec564ca1cd1bf390d9afcf2a56a90

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8076f5fffcf15ddac7d55f5cc639b84e

SHA1
256dc0ec311a63d3487fb2c52862f5be793b5229

SHA256
8f188a4dce691c1a1c3977f80fb84c26d9c3f38ab506a8511234296627c546da

SHA512
aab9e20bc69158b5ccf03e0e11773f02fbaf7a0067668e64251af02c1c2e008900271e54545e8ff154703e69df4a3115ca097c249a36608eefeca937c2110ac7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cf17935fd22107a7d29042231f9c7f9f

SHA1
8fcae467c662a67f9150192d6c02e3ba3d2857cb

SHA256
ba0e43449c72a97c17e04e693d8d6eb22e0eef5b3c339ac372699e241163bc25

SHA512
132e6002baab5423c23bf32e03fa954415ad8a1024cad398d99ecaeb0a2e68bf748842edc863640ecfc4bc073b3e6df4467c774cc157436d9154295c7dac8bf0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e6e662e56580fbe6e01f3d90a53204e8

SHA1
6be24d16bb377b2b790fe4b9c3319f42dcb99259

SHA256
c90dc4ed3f43600ca0785a6c2b927c2f25f7b70e5bb052164635787dbb516e85

SHA512
3db7a70df54e25e53a90d0e2657accffd5de5c9b6ce9b0d62f4e7a8888e51aa64fcd5ab7f86af688a4915d878e45411d4221a1fcbd213902f288fdbc8188ee3f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0e7b99b2487871f727bcdacce4726890

SHA1
1b434d83a2e5f18fa1fcffda6a38f48fb0e2853d

SHA256
c8cafb54d246cc21c1b13ebf219cd662d0ce1c681b8c7a3df7449e55a53d72c7

SHA512
ea21d5072fe3efa8b2b973e639578072e9f2199770f4bb22232257628ebef163abee176bf3f47675c06dc6d80d81beac4e4a17dee87e883725a7e8930a411673

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
beed8e603244e22e40b20cad95336761

SHA1
b6b3738fb7be33630e018fa15d0d38224e59ac9e

SHA256
682fd7bcaae8113e621a5290294ccc8551059facb03ebff3d679cebbfcd8af56

SHA512
d2649e0c711f1d3c5fa4521335582bd10240e01e54c47729e12fac9e04bc9bb7e385a20cf13e752dbe82b65af391a1aa0e6c29be19fb6c546fec0b2890c4fd95

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0b4dd15d152e24403f43c3c5bfc166db

SHA1
8947709e6c17ad6663bd504111c7e87dffacdb87

SHA256
644323176c07170c8c5eeae8eda3c5ab122f933e2b0599177d471e88b8c2dae5

SHA512
403256c6e4e131394b73d2776bbc41c396255dad0e1a9209838f187ca29a4b6586ddc13446646acffcf01c69c1b21644f5d969bdd0de4d71bf6994b546432ba9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0625099d6eabb1c0642484fa62157772

SHA1
1a25e8360295ddd2765768de93fb59cc08bccbb8

SHA256
e15b7de9699bac7696b6ce4a9cd95f274797f5f942ab465c57ed3012ce7c0994

SHA512
be181b1499bdbf8c4af5d43a405945c99a7e06b42b32363ff53e8dcca7dfec9625ed763d69195851e716ab900b69dd82253b8adbcfc920048ca1e27119606a95

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3ca5b663571260a6da3f160d0b986733

SHA1
6ce359dc6df55c529bc6e3b210e1c2929f897102

SHA256
7f691f7b6f0a9e7cf0ca98841f54d8792fd8e0874f62a5d82ec0760ff3394f22

SHA512
3c065dc56f76b5a43f554c1ce0a35d1c2c74eacb64944ae24070409cb5031b9bb2dd7da625536c6cbce77542c36ce1b5cfa4685ca986604034b27d1458d633d2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e18eeefbc4444b35f4160d7ee2b7195e

SHA1
35a3b8ec7ef1affece324eba17d1c662498ae2b5

SHA256
724535189407be4303dd6274c7121eb8b36ae6d1e34899de2f019179b98da78e

SHA512
9e6de77edf0e15cd88d78d0c6971db5f1788e2b433af0d73c19121658b86f1644a149ad0240e371c3de0e9c20cdf2901211149194090bae0727dbe073ff0e32a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
18cb77d25ce45f8e44d3a3548b8d878d

SHA1
ea2ce2317033b24bffa117b0d7b2de5e3686b6c5

SHA256
ea0bd7c0e95e936c6b92c4a43294532f6fc55d324c3e4555a378aac74e39f779

SHA512
78e76b9704f4e5878d56bfcf16fb2937747c9b549e949fb4895a60f276ac51c4887134337d59e2cb51b6dbe86de049a8586cfd3f65f9537fb9f0ba042b0cbb2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3GB7E1TI\jquery.min[1].js

Filesize
89KB

MD5
219073097031d9c1a95a1291d66f3a10

SHA1
2b7996b01d90b7f424f2a2e6063947461db4b2b2

SHA256
232066e3f6f1351afdaee1acb70c409766641fd5669e0b55ce7c77fac0a857ef

SHA512
9ad2745f96cf79a4d59393cc3fbb3958b244013f6798c12abe41e37fca80df3c7cedab4b47cbd197645c86b31077388ec8f01ea8d67c5feacbef95b1ae7582b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarD9D.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit