4351c1cf28229c3a49c2226f50ee6684e95345944d1af849069d354cb851d7e3

Analysis

max time kernel
135s
max time network
140s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
27/07/2024, 07:37

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

7764b6f9dbc53028306f4d0c55d2cb2d_JaffaCakes118.html
Size

69KB
MD5

7764b6f9dbc53028306f4d0c55d2cb2d
SHA1

7c8bc9ea170669d21412aaf43aac6aa18494b6a4
SHA256

4351c1cf28229c3a49c2226f50ee6684e95345944d1af849069d354cb851d7e3
SHA512

3ff310a7fa23f129bf6d6c7a15cc223e20ff5cc918e67f756c24f9ac929fbe919b4974301a4debd084b405dda12f1345123e260733a21c737958ee800a9fc597
SSDEEP

768:DzkJZspD3gGYydo6H9Rd9JJvLc6hvLc68w2sBtuFG2uqrh2SYewp:DEspD3SydoGJJvLHhvLHsdk7qr0

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "428485722"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CB56FDD1-4E43-11EF-A32C-7EC7239491A4} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1732	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1732	iexplore.exe
1732	iexplore.exe
1280	IEXPLORE.EXE
1280	IEXPLORE.EXE
1280	IEXPLORE.EXE
1280	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1732 wrote to memory of 1280	1732	iexplore.exe	30
PID 1732 wrote to memory of 1280	1732	iexplore.exe	30
PID 1732 wrote to memory of 1280	1732	iexplore.exe	30
PID 1732 wrote to memory of 1280	1732	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7764b6f9dbc53028306f4d0c55d2cb2d_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1732
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1732 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1280

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
854B

MD5
e935bc5762068caf3e24a2683b1b8a88

SHA1
82b70eb774c0756837fe8d7acbfeec05ecbf5463

SHA256
a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d

SHA512
bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
14555653c1d6c5a74ab573556aba928d

SHA1
a3b5b2f20a8ed3c16d592701dbcb8f389d76b028

SHA256
31679cc2d393f8efbfd6a86d1d65d5e238e70bf5a1741ab21594adc808b2eeb0

SHA512
95ddbd39fe4980be6f01f9824ff96a1ccd6096486bbb4b17b9d63448dfaef34310e780b06f7974431e1ba8e687767bf61e24bc6ea4de446f5f47fd5e1d85b6b9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C02877841121CC45139CB51404116B25_139940C9B5DB989CC3655EB2326736AC

Filesize
472B

MD5
2d2f8b94da7f01d75d4f9bf36c11c90e

SHA1
74abd5554a9b3e080a4b5ed588659d89c4bdc64b

SHA256
ec82e9e4503275804aa9733a7f124d161917b3c40f49f1df85a11c7ed5a0be35

SHA512
dfe2c7e8e0a1050bc912a0fc5397fef9093bb259fa19b01cffe922127a166bd9081af4d72a7c9921bb10bf9ace2391ce8aa95fd870d1b2d09aa1b0caf30660d5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
170B

MD5
bdcfb4e726f54c1b73e73a668ab02f8b

SHA1
74089ca5942a110c023d8966409200f70f30a756

SHA256
7f17edc941a3f28b6791870307b52ad5d4ad5d95c5a75b04f26e1eb9dd689ac2

SHA512
489a56fb58ee89bd29eaddc04ae1207eb45fcd26d0609172d9336ab3bb70a42a20a8ac1279f3ec3c4478ac8be9bbb9eca43339289052ea3de489583ec8bde7d6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
fa68248d33b806cd23c266be96483141

SHA1
bcabd81679206c137ac951063ec414e2867f7e2a

SHA256
fefa8871195d5687d5f8a65bb42614b280665284f38f747b6120c045b7b11920

SHA512
ef5c8deef774e0e998f4a8d2a97cf17930d0279012d64abb22ac7b8e54f8bf3892c8a4942b67a7c4a614bf7f652914554237351d564bb8a7a3f7d4c37f013732

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
35470f029e515dcacbde7bd10ea4a107

SHA1
980b51650b48e115aacfcb13033cefbfa18fd755

SHA256
7a2eed3cdb0159214074580b70273030de3f9706735d8c68e6ed769753b7585d

SHA512
917c41b81aeeccfdce60e6a60547c0301f309f02fe31bba2eef223ed816d7a96640fd120cebf033cd0baf4b9932b3b9e4c75b2e522ece4ae94c6d414cb73c491

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c60302062b2c1faf9f08cd7127f85a29

SHA1
e7faa6948a859d2b83745e5b701f413362c66749

SHA256
c0f3066812e48bdea0da9fd7c941eabfaf5b28bb63d017a32f40d124ccb41a14

SHA512
156b7467bf8d032f3d864ff890f15b020aafbce8b4a278526dd411b04bc424f1f05846a57cabeccd92696fc061a4ff9dc2500267fd7e60287556c3e67a1e6b95

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3f3579bf90b5986e00069ac0eebe3b64

SHA1
d671e4793833c01bf9221985eb7433addddf83c4

SHA256
898cf3f76e0302200f6e3846d9282d70aaedcf4e5d136ffd36ff2b4ab97eddae

SHA512
d28657e9c7f074b3ab6b82e292399b4017bd737f84b1234b6dbabf44ac706f0890cc3b7a7345b89a9377ff17fc1721d6f892a8a8d84a24ed1bddb7f304e1c35b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
697743dd4580b4026e5e691221af5e30

SHA1
c61e4d12e61ab155e95fb9ffea8f40dac0f9d2e7

SHA256
dee543499ae9f8b16f89ae9c9cb3a934493336a917460c18d1ba9e93e6d94943

SHA512
bf3a6704871344bde30214d8e92a257eb59eecc16ce75c8fcaf4fb420c669a80d4b03f7aded7a21f8b7ab3caf738a3ee492ec24a4ee243715570935815527be3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f83482bc4284ebb43685a4350a4a04e1

SHA1
7b445e05e3bd1abbcd9fecd1eb191ec3412c2141

SHA256
b94e4088ddafe364b9d41bc1ecdac486947a6135e1e28e701b619b97bc6fda55

SHA512
189767c40a9fd8f4b3fc3ef63ce84f508ff9bf31bcb178ea174a68314abc3103d42cfd7840b345776cce00183f872132ee35ef2b3696cd65c4995188cee74f2d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ece46199e86163e3988c45cb96de54c8

SHA1
ee8f9272b5bce63129d881653ee3029195241e37

SHA256
d78860cd602d07ac720549b9099e5c09a8082c2aaaa84c11274626aaa4f4db70

SHA512
ac4df3804f6cfcdcdde0112ca5047a3d9a02655fca76b0ce446c6d6e10e0812b97fddd93b7f4dd912809e8f9e8fcebe4c3c5073f963d2d206bf7a9120919ac6f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c3b1cbfced1dd6d5f419c121a007e023

SHA1
d69c52e718f63c85ab10cd53efee2c28ef89f287

SHA256
4c4dfb93f316a8c1129299e1909c08191ff06164b8fe470e8aea79df10e22181

SHA512
8bebbc08026d09b877d998968f692eb3d323cce1391075b5fc806c3e986e17c6c6fe09f4fc547c55c29f525744677884fe74c73bed296649900baaa225186ccf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
50d9ee5eafce227f1e19de251beff0f3

SHA1
7644034fb446150426f84740ddb8e0876d83d5f4

SHA256
8972bc11819e13ec729c8b4e559b641f75aad8e243cb527c8bc0d0cca88c2bfa

SHA512
e06aa02163666ec7c5718eaec6fbfb84d0a5d0430843048900510705eee08a724c4051c0c7c0854499a20faddc3e3340fea4ac2c9287c222599f967bfc62e412

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9be5b56f658a7018c035bc582442345d

SHA1
046bfd3119a53ed129cb8a417857306f37f0fef7

SHA256
abc488ead6de40c25747dedb311ee4480e3a216d3355f3c9335a328dcc66c438

SHA512
f6642f2b5299c0fdf084d1acb21dc451172b262ce938fedee56904c1482ecaec5fc9bd9f31466355e08a6c5adf16b5edd742a93bdf9206c3e0e530ba307c9a2e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5d00507d7b98e61235e3df249f79a56b

SHA1
4f3eed60adb66556ddce67f83b1728582227996a

SHA256
f428a14353bec38e0033d57ecd30b24b14de03166db96cf141e4ecc7a7bd2eb7

SHA512
6175b1bd97201576dafc4f58e26c9440cb82b072f3afa4bf42a1768a75b8eeaccd499bb407c3f2688e162628f006a1396590d8fa29ad298c0f33c0fea2535a42

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6a4924b92a6c3df0fca99e070a65a467

SHA1
09c499e8501785808efb5499a4d53a6b7f31067c

SHA256
012d412bbaad7a97345b6c6322b9b097ebc4b1f148fe431ce59f4cb81038e2f8

SHA512
a5bce7d7bea782e5d9dc74a4dd22fbc9e3725ccf347bff21ae06b7d4bca1fef3855ee84e0cf0da92cb71e4a861fb9881c4b7fe54748b6e56bc3e9327c2fd057b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
011832e2e913eba88322566db54cd411

SHA1
7c3b20d13a582afc2163c8f1ffda7ea6172b016f

SHA256
685d2dcaea3efb4b6b0370650ff5a9a8af50990b2851aac2e3dfb1f040b8f751

SHA512
e4c3a1426782da20710fd64624ac687d7a5b7a1db4ad673e6c7cd4a0944dddd3c2bf4553fad628af4e6d829cdeb64e890fb6a1888a7072cc5208a014d72f49ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6GL24G53\cb=gapi[1].js

Filesize
135KB

MD5
cb98a2420cd89f7b7b25807f75543061

SHA1
b9bc2a7430debbe52bce03aa3c7916bedfd12e44

SHA256
bea369fc5bdd5b9b473441583c46b9939232bf1f98c1cedf6bc2241c4f5068d4

SHA512
49ccede4596d1e5640a9c8e8be333f9c18812d58f02b2b15adb54172df1387439e9dc5afc4ccd9d8f0f75f092318bed68d3cd577338e88ef4f9373de8a07c44e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R4VBOHSO\platform_gapi.iframes.style.common[1].js

Filesize
55KB

MD5
881eb3704191d887333d08190e37b9c3

SHA1
fb5f7a2259c6e2d0a986f1df7da0017f6f4bc198

SHA256
03759f99c9adbff1efc85f512a97546207efcf91894a08b131bf59c2e2b95206

SHA512
860ce2d7e2ee0a1eea2701af9d0e01659508e26bcbd2b4456bc926fbada737a067fb5281085c00d136f6294964cc2a6764ce2c12cf3fd32a0f130c117a6e3191

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabD01D.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarD07E.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit