c49bc5c8598065eb27d85e0c938231f798ca45efbf1a39671d93d37d54e714e3

Analysis

max time kernel
131s
max time network
143s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
26-07-2024 04:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7291a079cb1403c0cab4aac23dd89675_JaffaCakes118.html
Size

68KB
MD5

7291a079cb1403c0cab4aac23dd89675
SHA1

89de7a0b23e3abeadc25e9da159aaee0c1d0f341
SHA256

c49bc5c8598065eb27d85e0c938231f798ca45efbf1a39671d93d37d54e714e3
SHA512

b8a25a3d0a097a016f6e33b78e3676c0571cf19b02c7c98d3f2c993e7827c48f2aac6d18fc381226bde6c8b626d0d914ec349893388c3e9f7ecbd3f3bd626b9e
SSDEEP

1536:SyBYp2/es5Ggn2JwHISBV/GI/SK6/LJErxDR9r3Qb4pg4VetBsQm:SHp2uxZLJErP9sb4vwLsQm

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7D77F0C1-4B09-11EF-BF10-EE5017308107} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "428130828"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1856	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1856	iexplore.exe
1856	iexplore.exe
3020	IEXPLORE.EXE
3020	IEXPLORE.EXE
3020	IEXPLORE.EXE
3020	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1856 wrote to memory of 3020	1856	iexplore.exe	30
PID 1856 wrote to memory of 3020	1856	iexplore.exe	30
PID 1856 wrote to memory of 3020	1856	iexplore.exe	30
PID 1856 wrote to memory of 3020	1856	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7291a079cb1403c0cab4aac23dd89675_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1856
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1856 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3020

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
48f5cf9830384faf0bf4724bbd333245

SHA1
8c36d68fad3b1cf9fdf66010b1d754fde25aeae7

SHA256
6b41052270bf53e31c358cfa1eaf442e3f430aaab298c959f90a5a5bdf5c9644

SHA512
43cdef64b886c02a82746e861034e33af89f2bdbffbbc62aaac77ca67c1f5164c724128055baa911915036a33b28c635b1bdf7e58909b2f2b5371b0203f17a8a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
283e91cfc770749b51ca4eae315d5049

SHA1
34e545dda8aafe36e47c916e7bca423d1f58d15d

SHA256
93225ddf5ef6e037b0b293949246524a39780f97d33f2a1981dda1ffcdd6ef66

SHA512
5ad848e4ac3ebff6568607c7b152e4ab8c8748cc1e8164e28864ca23f9a95f2bf32482b49a071cd352829308966da515ad029a05104c39f21b1a9d84cee19c77

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c617b02fe31ec305111d6459528e5751

SHA1
3b8b6667530319993aca856b53878df867bfad7a

SHA256
d6e15d7ce4c3623650eb4d228b3df323dd3fbd2c154a2b6559d0fad379e4474f

SHA512
785b89ae93c033450ea154cee330d9a9248ac7379b66df47707b0734691d19585470adfc0fad737a7c513f9c71f8720614097750cc3e6e9fc26cc8812f058eec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fa796e52fcdfa9be2c2204e3046c52dd

SHA1
869b97105204709397e53c00ebae6a6b736920ad

SHA256
f41a9ba9a8a8d9284afa4db4ceb25d56f5c1b7dfbaaf64342d35959fcb8eafd1

SHA512
6ed8f67a249de906dcc313c43cd85ca29c8a1bc9eac0ce5179acf9939502c15dbab495fe319cd96d5888faebebc4d568d5adb0efc11c3b5cfcc0903bd27194f6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
975d644fb2c2d5b151e0de4717179ee7

SHA1
56f06192894a323b42331bdccdae9777906a6e46

SHA256
dbdbda745372bc64c27c839f5637e554083375b15958023fc37fe10a0c5e6c82

SHA512
9bb460519a423ba6423b38bf58711e5f950de05e359ca028c000ff575970f7ec00df21b252c1c93e5a8efef75f678ec19ff35b3f58e68d348b17024c5ee0e07e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5cedc1037783ad0bec259309c8220b98

SHA1
fc919b70d4d36edaf2dc1f6f1cc9e79e8107ed21

SHA256
a0a8d8c99d735707ac5717e3d3859962ed157e9bdb590e24583efd65f588b35f

SHA512
ce4c4546761f809fedf402cf733a82ef983674ebd3f4d23ea8f54abb8fc9b3630dfce4edce37bc5760af7408fb3c5aa5a234d80230d2803f8223566e71b1a515

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2336fc808e003263507c1b55b655f454

SHA1
ecd2f30231dd52f27f3bf9aa88f86954cd37c740

SHA256
ef02bf54252c8a45fc620de95003b579b0a131d7c1ca5cf3ec396b27c0c2bc99

SHA512
e4beb523008b57df33f44e8205d6587c53e1d505b5e9d9791bac84e5a35d90961d60a6628e3c769fa68001b3b9c29310d35f39a5e6c03c605f976f7c934730fb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
af2aa0c976cb500cb2063519f89bfc2e

SHA1
d68d4a7dd12ab7e6f9e6af50417c9e4162f56b2c

SHA256
f519a50ff90ccd0ed4d089b71d6a18dbf5ab4eb5999035faf0f655e92a9f343a

SHA512
f9b0b61afb279bcf5433015d39c8e357fc1922650e7328c9012b1c84cd40b2f2a0953d9b3c86c16a59f51e4ca5f1eda20ea8c4ad765e750869b2901fb0f805c4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1ab4cc9b29d55d0d8cc22ee926130777

SHA1
446cda597d95de91b3fa4098c7a5a37f7770d4b9

SHA256
42a9aa66ae40053897a87b9b9447eba5e7973d0d9dd573217889bf83b522ab15

SHA512
a2b188e2d0b0e4cfb7c897e89b84005526a62366898f4225e0667aebed70ff43a7a76fbce7540342bbfdc61bd776272acc074e76383e47a18c95d473d19c097b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a752172735bfbd8a5db4367af674f70a

SHA1
639105e58f23b052a779de38d3836bfa83a8ea98

SHA256
f8f7783def1d8e16a47b1e5cba5f447454941b9fe941bafa8e4d6cee11952e7b

SHA512
7d1901262318cdf28d6171ef2fe4e80dcd32bb92251f53db6c4d6e0db8c18626dec871b15a8e6045a4473f714069e1bd7b9d07526a989fde514d13e9d107e4a8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9c46e84a4268313c1c4fe2ebf5b152d7

SHA1
50d67aaececdf0a76b20ad1d44c0734a5bafcf0b

SHA256
c3210e3ac491a0bdd1e55562d88f22343b36caa8bef011c2c7c566ab0d285fdb

SHA512
be699104a4b3ac2267fee72704d98b2e59bbcc174135445d6ee31b95ce81ffeeb0bdcc82c1d19e75e61089dc87a1131a4c5369ac3669cd27afabcf91d8878e21

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f2473dac68c342949f4daaae56ed4fce

SHA1
1b9e387531d7bd7470c1dd63f57e3bd9b4f5c716

SHA256
d2f611bc8f41301271fb060a2ee4da729209b9e5c0bc85e3ee049ecc52483865

SHA512
c650c5e4d10b34ea51d1689183984bbf70ce502dbf8fef97fd0ca0de38eba7598c11795b5460dab47da19953668d797c4325097719b55b512f088fd51cf7fe8f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
61b6a52e4bb9248ce5c5e34a353a8721

SHA1
02a8b20a177e1517e71787b1895e4f8d3f662ad6

SHA256
8a99b3d7aaa74d41b09e99c6001c9a7dd6554fc899bb535f35f928e542ce2b24

SHA512
60efd37436d41a84855720953f1d436ca4e123c89d11cc2603a28e0eacb25bdd3528180eb09ab73ec62688c758b78c49b89047702ad638955e22112cedddfe63

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f8fb39b5f5bd9cc314c9d1b0b9fe8e85

SHA1
40e9fc97c548011c5546edf9c97f959334986209

SHA256
bc7dd0c6c2ccb2392804c26d16477450e3d617fb1297f3a9e88f3807f099dd35

SHA512
5ac0c33ac69ca8337fb7cdc295ac014cc048b590c68db43249c3e2b8c347195491eb2b19a5b934aa6afc25764d8dc01bac912dde271ab933c7916b3142fdedcd

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabD4FD.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarD609.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit