5b8602776fc15c381f91bc229127c83eaf3ffdc02e5fabaa1a0be7a2e75a8612

Analysis

max time kernel
49s
max time network
133s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
24/07/2024, 08:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6aeaf587a129322f1659663d627cc6e9_JaffaCakes118.html
Size

6KB
MD5

6aeaf587a129322f1659663d627cc6e9
SHA1

da763cf9e31addba7abdb96d25551340cf92244e
SHA256

5b8602776fc15c381f91bc229127c83eaf3ffdc02e5fabaa1a0be7a2e75a8612
SHA512

9cfb69f0fbf819d9b1c6222ec7b1e247d05e82cf56afc90ab84c8a20c4124210c92d533477d4fcc8e12dbcf3c608f70f48a29a54639bfccd55f65ef707107dda
SSDEEP

96:uzVs+ux7QLLLY1k9o84d12ef7CSTUTQY/6/NcEZ7ru7f:csz7QLAYS/U4Nb76f

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{830DB391-4996-11EF-880F-D61F2295B977} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1292	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1292	iexplore.exe
1292	iexplore.exe
1836	IEXPLORE.EXE
1836	IEXPLORE.EXE
1836	IEXPLORE.EXE
1836	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1292 wrote to memory of 1836	1292	iexplore.exe	30
PID 1292 wrote to memory of 1836	1292	iexplore.exe	30
PID 1292 wrote to memory of 1836	1292	iexplore.exe	30
PID 1292 wrote to memory of 1836	1292	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6aeaf587a129322f1659663d627cc6e9_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1292
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1292 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1836

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
563ba03cbc4fd595d52b57bc20331bc5

SHA1
7a27a24280eb15037d2d04a13b6e05ce082ae0b5

SHA256
fc5a8d3892c8916f09e2cb9b3b1202f5045fdfeda09a0319fdeaa751feac21bc

SHA512
fd0b9f0383f24640a1420b32d1f81003b4bee3909b13f99e8dc94a8b248b5dbdb3062d23c38658b72267fdd8c03524ac57cb31f8fd01e6bbefef345902d95bd7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3c2a4e5a7cf6ebb4420ee0c8d091cc47

SHA1
c39a7ce85af33f955a565bf3c2d5235ea3b75669

SHA256
21cba16d6f36380c99d60321f9290104687230c7c6fb2254eb2ad39abf829755

SHA512
91748628cfdf82176707cbac9208d3fef2e5d420716c28349ae149df82eb929e5a4f650c4428365bdcbbed5c3f762adced97a3e3dbf53a3e6462e8f01b3d08c1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7b8a4c57906d313015e941d2e6ec3af7

SHA1
89ef4cff7e124af19988e7aeb40021969948feb4

SHA256
8ad6d69ca673206c43bd8c47cb5659a71e9df56de20be55928020bf737c10a49

SHA512
9270668f0a8d29cd56841d6724810d46ee59ca9108294a806e48656aa865abeb26235c3e0224095af001589564ebb5a1dea30cb3c6ee1adf3f4b754f5e2f3dda

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
585aa3489c3d6d756c009ecf702384e7

SHA1
55d3b47a885993b9028194df3705477f2c78dc57

SHA256
d6910a939505a14ff62df5d36296d5b4a4d9722d8fb876a6f2644e8d555cf150

SHA512
d8e01a9900c562b8a56c5a8351ca083252a680e95630f1fe5b91392777a96112710410210efd97ddaa54955eac38c5c69847d47e9bcab89451ae01873bdec326

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
90470147c284cff2d0eedadf2fb1c054

SHA1
b1503d10811daf7fcc688b9677be075cb90fcb49

SHA256
6e23b3849c2740befff1ea9b66a71b70bc27d5364187809e5a13646501478fff

SHA512
4375b309bfaf582a8a24cd3122a08a34a08b2583f31dc54b116451d0251308b2f9e52d02467057148e653186176d45a0228c12e8a47f58abbd16dfe413ba9b11

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
99ee152d0243d246b0a5b37edc61c8c2

SHA1
62baf4e9c4741fa277d43a40a189846f12c8ac1e

SHA256
3dacc862f4b8bab2879c39eb20d858bae4807cd5014e3d6486b7dbaa854bdc80

SHA512
249495a4db9ddbe248b3f4f0b23dc40ed9c134a683150417a5ee3e70d93ba9b15307a13c049ee8e391e03b322b6ae871fd6a223f41e2fbcc15a68a872053c858

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2594e3953aa04c2f209fba2d39e3bd01

SHA1
93438ec158d9d3698b6dc9cb11f7f0fb83c856ab

SHA256
d613385cbbb86e6433872fd7052f9b4918ba09a4bd2fa0d476fa56690a2f42cd

SHA512
bfd8df62a17fe043a5508fb68589311353686f94f69d7a49ee1229010e32488333b404e1458672691b850c4a70fbf69b2d4ea3165d77c40391ee460b32002703

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
144d227bd95794fe8423f5e6828a6c46

SHA1
2b1fa57e5aae9095d6b4b191eec5cb68e7fd9663

SHA256
c89ca098d377aca9c70742dd6a2a6469ab76506d8398f385e68d84f6895ebc33

SHA512
5b8a1682ed6f27ee9ed9f79d9b74810a451d22586fa30f8a12056a388a7464328d93f47efea8dd7ec369e7435c21e44be8d9ffb5c00c0b852759ad35d3ba26e6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
02cf9f04eb67dc4308dde058a75f07f1

SHA1
3636c36df2c6423117bb1cfc0995bf1749b45890

SHA256
a1ded9962389ad37f555b4eec912be5a639f0d77a136cba9cef67ccbaf3d28bb

SHA512
e7e18953394f6a4b08c4c85ec4df8e75c632da41fb78fcf6b6a2e1e1f86130a602f1e15c1791267a98273c267d88bccc61c7bf6ee30facd095ed9812391925c1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dac179f02445b2154461fa768f8968ce

SHA1
8411a296a98be22c5d28b809926657d5a5ee6a72

SHA256
cc595563ee128884cda1ee6fffa7690528360409e1f901d655ad155201240696

SHA512
732cd2ca8f66a8ed5846e9bbb9c77d970629bad1b8f9813ca902f7554b0f9427f15c8a92b09e481af4d064c5ff8cd6c0aa4d3e615001385eea172d9a0bf55597

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8a9f8186656bbd449d2a19c0694118e1

SHA1
98cbf9ec8def99e98df617128fb4e487ec182a3d

SHA256
fe03b803a330fa844c0758fae61f0de5a4420f01a532e543fcec0ac74710964b

SHA512
27f4f86d076f46a6518ca70dab846707f54d73e344950720e447b4a7dd9814cd55d1bbf022428a7fb7f26a272c90e33550b6b72526a8240f7e2bed14f9112c58

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9ae4f5db39ef3b3090eeba2df8824129

SHA1
5be3a49e584b0d3a6b2919770d29afb011706b13

SHA256
7c51ec9b1db478f5e408074812bf939838cd534f47511853d4cc2764928e00f6

SHA512
1d6093103da3aa12847cef5968a79a968ec69418ba232aa6c20f04b6ea9db909b9961173098a94d9c54770d7bafc01bbdae456970ab0fb359706c701fb62ddce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
634fc087683af0eed24769f0941c8d85

SHA1
49b9e924ff0225888dc80d21d8e4fbbad90bcd6e

SHA256
cb26f47fa6b85a3f40b2392df37f495d88734c4e9dd8d8b1c4dfd75c0f7b9f81

SHA512
ee34fda4e605ef9afa5239bf13a9015281a7f2624bb2b0c7790a02ac67b77a9289919ff595d97f1f0963e1e9a769cadafe94c77bfd041b272558c4611c64fb70

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6e71a3a502273e578be46939558965c2

SHA1
0ed37f2d9aa8d4bf56e17ddaa466819f62f08143

SHA256
e6a2d4890b116aad9f5a6d7ef3ef32a41f3f55d3439dcc6ea81ef9d40de035bf

SHA512
727d8907331f40fc4825a4acee80a17a1daf4dbf36624e828f35949b023e0b9bfb8630c4855b32d3d002a14052af537635b4af06d544980dd6042c0f3ecd4e78

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
37c720a03470d6a3aab6856d7d20e9ff

SHA1
19f082229cef17ad9a4da4b5c5b440c43be4e098

SHA256
86d19e7391ac7f1ffa225f7bc81f62a51da500f163cbe3b78896a3a32a932bf5

SHA512
50056145026f70e33e7018eea27f37052c6fb54ac13fb2984f090d764cea67826ae3fb83aa42170be450c6c5359e8106e1e04b81b6aa97857ef8267bf150426b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab51C9.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar527A.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit