4303df4a9b9cb8ccc124bacba10fb3d5e0a851a792054ddec80e719294cd3671

Analysis

max time kernel
143s
max time network
144s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
24/07/2024, 08:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6ada2fe55bb5e6bd21985a583d43512e_JaffaCakes118.html
Size

81KB
MD5

6ada2fe55bb5e6bd21985a583d43512e
SHA1

748bb8c4cb1541c6bfa8043706bd1144b0f38bf5
SHA256

4303df4a9b9cb8ccc124bacba10fb3d5e0a851a792054ddec80e719294cd3671
SHA512

804dfe88047041597c28a251f53943b6a6070a097e1ba55029298b0cad80795df0dccde7368f2f154cdee22fbfed0d70faaab00ca762833d125567ae05df92f6
SSDEEP

1536:tUVGUEnu1CB4yE52+obhScrSoCHDBPDe9SPilYFp9sPNiemEoD8YZG9zE/LxaVw:0D1552+mrSPilYFp9sPNBW8YZG9zE/9N

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3A8F9821-4993-11EF-B585-FA51B03C324C} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "427970084"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2412	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2412	iexplore.exe
2412	iexplore.exe
2400	IEXPLORE.EXE
2400	IEXPLORE.EXE
2400	IEXPLORE.EXE
2400	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2412 wrote to memory of 2400	2412	iexplore.exe	30
PID 2412 wrote to memory of 2400	2412	iexplore.exe	30
PID 2412 wrote to memory of 2400	2412	iexplore.exe	30
PID 2412 wrote to memory of 2400	2412	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6ada2fe55bb5e6bd21985a583d43512e_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2412
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2412 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2400

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
854B

MD5
8d1040b12a663ca4ec7277cfc1ce44f0

SHA1
b27fd6bbde79ebdaee158211a71493e21838756b

SHA256
3086094d4198a5bbd12938b0d2d5f696c4dfc77e1eae820added346a59aa8727

SHA512
610c72970856ef7a316152253f7025ac11635078f1aea7b84641715813792374d2447b1002f1967d62b24073ee291b3e4f3da777b71216a30488a5d7b6103ac1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
c9522490a4e4e7d83da72c445f27938a

SHA1
7f60484cbb9019c477700007f113c7731e3228fd

SHA256
bd4d502009cdb5346a37b995ef41a6d0fdd87b89d58dfc28cce83393d6e8b4cf

SHA512
da094d6ce17ba5416bb649b86cae88c9454a402c9b2db4c9f9b727bed599e4599f84c6e95c2550b23e6168497eb98853c35a09c627f34dd0f031d5d4ee5ecce5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6DA548C7E5915679F87E910D6581DEF1_4ED7285A0D9F2F14F63E84BD08C45F97

Filesize
472B

MD5
d12d0565cbcdf6ca37995ed55dc158e3

SHA1
a1fb8676fcf10930f937f337398a1f1210fabc3e

SHA256
557a4d11d7f3b60908757c055326771516ceabd49b58fd1bbcc6615f936623c3

SHA512
d5cc8432a336158ee7d833d622970a76c0622dc02876c2213b2ac97e3745ffd1239ea7b55d3bc640028e69d385b3821bc45bbaa0a0be6ec65fed8edc6bae6edc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C02877841121CC45139CB51404116B25_DE59F8C40B88A0DF57DC57DBBEDD7057

Filesize
471B

MD5
2a176e5ee017b1ba49db032b77390a25

SHA1
853c6a07fb32a68d6979c81dce189c1a3618230d

SHA256
478cebca5558b979a680a251014091636e805160336b7cf6e979f2bcedf9997b

SHA512
267c4fef90c3c06b90ba3e5c4bf0f0ff77778c5d6ff34a11eb2089d196d7645cf7f91858b9643bb7f47c4f3e0a78e5b2f4b5c87c5e08c9640f315171f05ca28c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
170B

MD5
833cc918e0907bf35ac383ce9e843903

SHA1
66c3a83d2f1082808db072ca43258ff525a0c771

SHA256
e331b192ffd749d916be18f82ebf40e0f15a4a3b6eaa11fb472dea102704bb72

SHA512
8abf6ab1bd95003c85f640409c0a57b6a850558a58f01db98afcf57a92516f6db4e49d693b997474e7ebd4d9af70989c332ace8d1d3fce535f2368411393cf16

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
170B

MD5
bad44954106c1d0cabc8511a780737da

SHA1
f9ad93d809769d8406c76ba663395b7e8cafa16a

SHA256
df8093dff53e2a64e9392253677564e8036e52d55ddef4d6f8d613613864e715

SHA512
66e1a58b07282366074abf0eda5b14c951c64e46c1dcd65ff6a3933bb5c3747795ef10ca2887556b92273a3eed8a86429c5c47dd80595c53cf1eb9b84f602404

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
4e80e4e4eff7f4c27f87a7ecd6f4a0ed

SHA1
41bf84b09a8e7892f64b6b09cd181e1cda606461

SHA256
48aafa904f1965776afec26362992a349079a3c516559a43443a21081cc5fbf5

SHA512
e57792672caa452aeef26d9aaa96f1b300fddefdd5b190afc2f18443f878f13ff4d1cac72edcae528db1e838e1e640dbdbd88720d293fb63e9b8edc4f09c5e0c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
a86b0037dd579f6296df391bf03fca5d

SHA1
5ba2b89ca677985864ce908b2b0304d9c72d4a3d

SHA256
9883714d3d444fe391a84d04bd7ffd9b5edc6b3f061a330fe9c0ffa2ea79123f

SHA512
f90b9e6d5a37350aee3b8eeedfca4db6cb6407358d97ae49584d94c157ed60216b328c79c476520cbc5606dd2e99046e34b095d3d561f224185ef29f31ef090f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c05ac61dd85c5b3672ece4292a35912f

SHA1
6007b7c5378200cce68cd5cd4e7f6467016b22df

SHA256
13ddf444178f9557e51c21962d046464ffee777908afe181dd19759740a4dfe9

SHA512
f8182e3c36324b6841dcb70795f048da3b5a902b5179caaf85f320f354814e2815ff6c586cb9321941356c3582d52ea87b1193d568a1906166b4c7b5a3701e5a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
22552fc863fc5658780105e46941378e

SHA1
095a087bcbaa5a673b4f0361ac48a0637f6122f5

SHA256
4b504e6432f0c568f049763e4ce89c2a764165f523f8e379d382494d5c22be5b

SHA512
3358f3b5155cf2f39c87fa5877ad04ff1ed22c604d7b8957b51a5149f6e3f5e47d80022580285dd4e9512037c9acecfc3607dabaf67cfb77df476f300681e0f9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f8a7ad490b2db2bb9a9f5944b98da2d1

SHA1
5573373c86e06a8614163d8c88ee83f74e30119a

SHA256
704b2f39452134129ac54d316c8986832c8330d1eeb45689bfcffe70b3603153

SHA512
f07dbe20ef0d69386dc95fcd7c713434702acd9f1b14975c6ee3841d9dd6fab811b1d9c6eeca62df832e9c42b8142b048d69dcbd506c9dc8f9087e19592e4b1c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a38bf393cdbc5b1b6fe43556e88ade0f

SHA1
e92fe4bdc0f227c536a457ee6ff7fbce1f033ff8

SHA256
d3525a9cebe2340d2148f15aa3514451148d1588adfe6d6e3deee9a65fe658dc

SHA512
9e5695fcabc85d706a55a388f27d368af9fd7c740f9f69542205985586ce579c87fd424885f669cc85ca9a6ec901d2b096ff4a63ec8b5c04553a83d94d2bd31a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
20a4253d2066375ad5706b64b6dc5a33

SHA1
02fd1fa46a22bc5651fe8e88f67a0bb5317687f8

SHA256
1de9d137a95a99b13f25016323ce3b8150199b692631d26b9d48a7eef5f8bff9

SHA512
7cbf80f87f419f9d58256b31a8b8d6054fc377f029e6cbcc9518211068b9a28df7069205dda1f4a8f738bf137e24fc3ba7a48f419bafebc33c204db02f15049b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
833bc43d13adb40433d6627d5cfca892

SHA1
230189e0a53b452bc0883b5de9b9f5affa911210

SHA256
a7406061fa249d64090cb9524c26cf1b5e14cf155a1c9be38c07bee80c5a53ea

SHA512
11db86676bc60db8bf44c87e151dbeffe04456c91ed06bdcab850f84a0daf26a9949e05ec5fcbad64de38a955331438692bcd22e30550266278d1bbcb4d9d1a8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8f4c879b27a1355694113ab134a88d4b

SHA1
ce8ef5ce9f8fa4cc6a9253b734fe40e6b1ad47a4

SHA256
6b6c69bb46ed2f96f6b43b9d213ef4a3cfdec1e9357aaa14ff291ce16fb99752

SHA512
045cfe3be3e8ba07b9a2f46105f846b191ec0dfc4a558a9ffece2b55ed69f4119ad9a998324ca30dcbd5bc126378e6b316437a9b03f837cc591a03147b62acf8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6590f43896084ea445520212ac4ed4ec

SHA1
37569ddec954d443be5231e2f4c639bf5036b5c9

SHA256
d978aa96501016709fe73ce4cd732b7d596e698467cbba3db668425e06e8747b

SHA512
81caf1b3184dd5c19eb823ece563ff1b4332b82ee56f8424ba86b8f41d5c90cb14749db35a0006ffc9051a7b746ab43e33dfa7b13708e55b11e9a42024dc9fd7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5378552f557e7d612e8b66884eb5f047

SHA1
b7b4ca9e2de4039e274ccb42171fa492d093e679

SHA256
9581c688b2defa05601dcf1d7122c74e2d4b5c47544f1c506d04da632cb75c36

SHA512
3f1cf12ce2eb0382a5d873baa0345d87ce83d4d8479d5909463cee022cf7b77863790145c1e54b71bc85d9b1cc1aea0499216ae13c7ed52f0360c8f61625c555

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C02877841121CC45139CB51404116B25_DE59F8C40B88A0DF57DC57DBBEDD7057

Filesize
402B

MD5
7d05ec9f24769efa8d98665a00ad0cb4

SHA1
b42b05616b87e5d19329612e7805929d72254541

SHA256
c93162ccf6e1e0783f1d323f54baf18db1681b37f20afb43b44e19809479cb83

SHA512
48d8557510838921e14856dfadf7f186699dcae496d2e505ae96970090d96f94e192e020f9dcaa6dae1bf071b001480f83453f977859c809e000e698d5c10879

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab9FE9.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar9FE8.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit