8349591f80f8eb7b16631b8d7f9667d40f942bb1b8119147418205afb5e2d235

Analysis

max time kernel
144s
max time network
145s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
25/05/2024, 11:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

71bcc31eb273f2807c7060a4a1b5c0ae_JaffaCakes118.html
Size

28KB
MD5

71bcc31eb273f2807c7060a4a1b5c0ae
SHA1

8f63f74bf84836ebb2912cce38b8872791a190bf
SHA256

8349591f80f8eb7b16631b8d7f9667d40f942bb1b8119147418205afb5e2d235
SHA512

1299b964d427fa21eb1309e706814c04a4e70f66e1ebe86f777ad6ba83032dac4b285b6bb1339f30065b46173bd78a00ca4e2fac3101b7af086f647907a12e07
SSDEEP

768:tlxMRoe8CSrCZSl5pxvhHpIaE5iFJesC8/k20yWypxk:mRiv2Sl5pxvhJMyRnc

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422796806"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{40945711-1A86-11EF-B5B3-EE05037B2B23} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2720	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2076	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2076	iexplore.exe
2076	iexplore.exe
2720	IEXPLORE.EXE
2720	IEXPLORE.EXE
2720	IEXPLORE.EXE
2720	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2076 wrote to memory of 2720	2076	iexplore.exe	28
PID 2076 wrote to memory of 2720	2076	iexplore.exe	28
PID 2076 wrote to memory of 2720	2076	iexplore.exe	28
PID 2076 wrote to memory of 2720	2076	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\71bcc31eb273f2807c7060a4a1b5c0ae_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2076
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2076 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:2720

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
cc60e64b3cb934f03d1dbca6d3e2d8e5

SHA1
552e9e3ce23dde8d8db4aff3bb6bbe01b44e049a

SHA256
9d965ff227ee324a593e6417a437b0c4f411a35d6bb1fc5cb5801f0f6f8255fe

SHA512
fa5494d59455d09c7ae049b7d152a4fd3ee171f1cc044730bb28f297e1c949921a6287fb93bdf3fb05ed3c3e21fca6db5affc7c265471fb44daefdbd0f17dba8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ab3cfb994d47556e44af7a0badf3f7a5

SHA1
f209e7566920d235670e52c7386f96252df80a92

SHA256
0fa448f58077870434ad2a64f2ebd138d80795c603afd9f37236e22c18196517

SHA512
abd9fd79c88f5dc6bc0eeb3b40996a1f708a86aa35a3f5b30d254b5bd10e8c8532d743daebeca8f239de7e8ce6ee7254d069caeb3b0126052e0c6e912e3f4e20

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1e42c110782d10e472bda9602ec18ab1

SHA1
a959f9ffb365c731a9acf963bc81332fd5ed14e6

SHA256
b7d648c8b8cb746ddb774e8c7d46c4651e5e471bb2bdec60a2f31e8c59898440

SHA512
94927b61c30e91990c6db8d7318d1ddc85ccd9e585ae922930b48c18013854b2724dc1420026166c0afef742b967145fc84e566ea14eb6402b3de6954fd86d80

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c2a41c3f898aa661a01f731c24a57565

SHA1
bd0ffe8557ba514ff4adc5b0f95fb643f1bafde0

SHA256
ee1f8dd86a49cb265109beb825c9e328bcce559d24ea1ef89de135b9c94dec50

SHA512
ba5e9c3322d8a46e20036e1025ed40b767d40e0c3ae5dd6191e172f42197f5b0b3648f1163c2d8708652524d96bd32a6d2b7eaea2f7aa2506b34b58768838566

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7765483fcc19f1a98b65093f0d8d6934

SHA1
304f3c5bad0d5c1a4c9e12c3d9a14cc5a7d18eff

SHA256
3a9768ecc638d293577af43c404442576b99cf7984b33e48e837c0e1b3071066

SHA512
1627ef7fe5daace3b09451635360d33d135b0dbd9669538edcb36ea77de6e78ad43e048911ff1bd0a3b58a9bac3243d32dcb903ebf652187ab0cfbbe1755fd96

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
500ce1aca25b0f000062b0cedffd2dac

SHA1
1250175b4c52ac283843b88a62f544c9bf6e946c

SHA256
5f1b9788e544bd8f3df47eec13f502ce1a8c78c06bfd15371c660a56ae3a18db

SHA512
f4eb3e56abbb42f7014055c78bdc9e99703f56e2b3c55fc67d232ca4d60cf0b2aa3cc9af5f620f0c576ef3a0f50989e63c7d0469ed954110bf3d803eaef73990

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4201f8abf24698fea41bc942962745f4

SHA1
a17fe6464e91d91f9c9775398052b3319c0e6eb8

SHA256
f65c67038459b84e7fe63ca191543c42e040cf6f45578d11505b47e6c601b1f2

SHA512
08936000374e6e59bbb8ddb5b4612b7bba43460a5997e5cabe910c031b7a5e39d9a2641d8e886795f9e8c1bc1af94b7a81ea68c3cfd319b72815f405b1ef73c3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fe4582040cd4362a058b74c3666d4238

SHA1
af8afc4d08f56765931136163a4144a2eab0c0ab

SHA256
895c08be7652a9dc43a16f9cb496375910a803f5578d7f31e42682e3c8091bba

SHA512
6bcffa7ac22c95190f4fae6f1167cad474718e71dd51029bd3f765fa8fe3fdf77427162f000006bcab58be715074334b04bf0101a91882be24797d4c26ea7a52

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fad3854e84a19821e68448ee24dafd44

SHA1
c3841b38a84b609cc1254716c8eb22798353ae24

SHA256
3e3f0a7c4dcab3c83da0504ab91d391562356c20ba29383ce64299e6f15844d9

SHA512
18105686c9b10f8d5ae708e1629a5cc51d53361b4d4c45c03f22e43b5473f1f7745869942afda2e9902a6975a1d57175f13f8d93a7f00993b8bc1a2376427568

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
292576776e9ac466628908f2f1c0c3b7

SHA1
86b13e01fe165e1839b67a2c65afdd70829bcbd7

SHA256
744c6fd803a065afe913d4a379f328e11bbd7504428cd4f05c07ef1045fababd

SHA512
ae09db16cfc67ae67acc884da2c300d390dc6ac3e103a37cb1d51042ba9ef30433f2f104ba7afa8c4753b05627695bcfaa86cc595bce2c69bcd401eedd25d00e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4a52f5b7cba0fd8b3cf8180b01e4b7b3

SHA1
b323b9bdcdbbacc32eb047bb215762d9c228dc2b

SHA256
884f1e9c6872bf155772f91e7fa9ccf8dbb5ce8badb7825372997f7d9b473f50

SHA512
46b946c4717a56f80bca62fdabca6f903be30d23e1331761ef71c985c5d5ff86435317c22745bccea2e5ab9927065375fdc989d8c63391e2aaf29c434ac94b90

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f03ff42267fac8d04cb0c88e48a7ec72

SHA1
324a70ab358bc7fb184d4d12013aa9a2f7c1a19e

SHA256
dfd5b8f5896a723f0042d58f6a563086aee58308313171e0be355323cb5b9ad0

SHA512
07bb719ebc9078b60e3b992bbfd3b106a36226423e3567ac5786427397396a3b0670824a0af62531827fa029151ca91b3c3e5ad53f3e4fe17e2f5767c26991d1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
b73cbea2ee89edb2eb590dc9f8fbbe3a

SHA1
1cbec52eccaba5de1598b8cce981a5a39e69afcc

SHA256
5ad6dfce43e3bc8f6c0ff1bbfca3da9574ff3dbaa546475019757d36cbd3862b

SHA512
7811898e9c26c13ac7b5597863d8207735eef78c66081c6a78909cd53ef94c80983645fbf3a5c8c6627a9b85e0fd22b82dc9c41424ad2cf10cbe5fac354bdb78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\528EVS6A\liveView[1].htm

Filesize
149B

MD5
c53bfa99d011169c53385180f4c77e8d

SHA1
cb8e4b60ffca9295795a2fb823ba8a7a43237e7f

SHA256
1171bebf17df6eb9076d7b7c564763e8395f5d32ba0412566ca54f5ee8bbc114

SHA512
a4a7413ea048495531668175d4ff681929582aab6150ebd6e1d65b943206342413aac42d22968d3452bdc5e83c87811e12f5d4b70b9f20862d0099d2335d66b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\528EVS6A\small[1].js

Filesize
8KB

MD5
a41caf5294227669425cd5135a26b2a0

SHA1
a26a13f88c51c37b58fbd8a6b444e9b9150fae16

SHA256
2052a227c361a7e99ea70f5bdcf54cd9e6c6b493dd4d20b73b376d94ce0dc0d1

SHA512
d51f73568d401f35fb68f9a454dba95781bbedbfcf85a5c366e9f3f44d42950b846f896b14d6d297bdba6688968b937beb5e74eff160c73eb91f49b71103ca8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KRMHFE1W\jquery-2.1.3.min[1].js

Filesize
82KB

MD5
32015dd42e9582a80a84736f5d9a44d7

SHA1
41b4bfbaa96be6d1440db6e78004ade1c134e276

SHA256
8af93bd675e1cfd9ecc850e862819fdac6e3ad1f5d761f970e409c7d9c63bdc3

SHA512
eda31b5c7d371d4b3acced51fa92f27a417515317cf437aae09a47c3acc8a36bdbb5a5e70f0fbfd82d3725edf45850dde8ca52c20f9a2d6e038b8eaaceee3cf1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PH7CXNA3\f[1].txt

Filesize
92KB

MD5
6b6ea1b37c4a90788c49f34551ca33ac

SHA1
d4f72775b0da49161df363cc318c30564a0f3a9d

SHA256
fc056dda065d614f9739ed88d4f403c6df011eb6fb2e48e48f2ab5cf2441e78d

SHA512
efd142eaa6dcfe6ee6383f5eda78ae8dff58fc7e9fbf0e5c06d5b36c829329af4b79c08cb2a527ab119d0374515a9e77653829c14750582d89b0c623e24e9558

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1D62.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1D77.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit