a3b913b1e46a246d44acb0014f122e58f2443e436566b0797057f8c4a263df46

Analysis

max time kernel
0s
max time network
127s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
27/07/2024, 20:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

00ee014cd41f82da8bec12b8b5303499_JaffaCakes118.html
Size

49KB
MD5

00ee014cd41f82da8bec12b8b5303499
SHA1

9f5b4ddf9f10feb3a9b4621ecce3ef62d81da09f
SHA256

a3b913b1e46a246d44acb0014f122e58f2443e436566b0797057f8c4a263df46
SHA512

e24447196a972c562e4c7dc0dde3567ad82d6f0de943470ab39e9b4694f4ec91c5021cc23e793920e8c45afccbcee794bc02185e2b6fa25915b8b4157bef324e
SSDEEP

768:dbXXmHHN+1UjD1rtWzwDlYQUxqgKXPg5nMkg+9FAxxeyQ4EG745wd7wm2fmf37Zw:FXXCtsjpU8+y8evmntBnfmCNbFM0hkL

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 19 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{50A9C121-4E71-11EF-9EB7-4E219E925542} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1928	iexplore.exe
1928	iexplore.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1928 wrote to memory of 2456	1928	iexplore.exe	30
PID 1928 wrote to memory of 2456	1928	iexplore.exe	30
PID 1928 wrote to memory of 2456	1928	iexplore.exe	30
PID 1928 wrote to memory of 2456	1928	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\00ee014cd41f82da8bec12b8b5303499_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1928
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1928 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  PID:2456

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B

Filesize
1KB

MD5
1e9f424558ca2cb927069e3025c27344

SHA1
ff270a012986987dc20b3aa8fb777f58939a0389

SHA256
cb7e5fc1ea5517838a30734869153ff239c4596946c2e8a34da6b7b8cd76aa40

SHA512
97fe9f04c2603e86e751a0d60c6a29117a19cb72fd3bb737ae5b0b92fb9a728d8f1db460f3dc274b0fd3a9db2eab68d1403da370a3d0d7b4e8560fb54be00059

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B039FEA45CB4CC4BBACFC013C7C55604_50D7940D5D3FEDD8634D83074C7A46A3

Filesize
1KB

MD5
66b588a99a610ad19804d022e15ddc48

SHA1
c386629113a2e0b8691d696800a3b746dc1c21bf

SHA256
272e0cb0c5510aa55c8fc19d7812db676d657dcf78141e0e7916235ba5fd00a8

SHA512
648c4047cf775d602790f0f97fafb889c5e8751233a498a45fcda2930aa8e3d7902473b3b75682f260ebad4856fb6dc992834754d02fe915b2769cd149df666a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B

Filesize
508B

MD5
1ae9c9e94c46eac58b0059718ef61508

SHA1
ab99412083659d6ac99a3618fdccf55b25f268bc

SHA256
0b5d068613f5f857dff113e0dc405fac5d660147efec0c14c1f04ecd540f1909

SHA512
3297dcd8fdcbad928dd8510419aa44e4297393dad93076d61320ea3df6c97d167f6c2beee7a9b6df36457d966efac0d6adcb62e233334e36ada6df826f138178

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fc1910467803e6cd18309f95f55f162d

SHA1
cc8ad70d0182215f4e011982e3ced1c167880b3a

SHA256
ad5990c615b0eaea9a52c6d8b597592091dc1762d6bd9cde2d74437082204ac5

SHA512
b9953adcc6af0f966553783f215c96e059fa3af26a81a556fc4ec57c4d3b8b1bd58f6daa87947267da99ddaa9daec61a9add3eef17aefb7675857de46f70a759

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0f6359175f211e59a6e6cd0958f687fe

SHA1
ec7a11816ed5ad553f6a230514247c6c29e996ce

SHA256
113048736810d9c40fc34e32833a13a0590bc2f7a19c81f4658b4d57c5b052fe

SHA512
f31d59dae0d05d259ef60bbd832c27eed34843ca52e25ce905ef457ce0295d6a543fabd1b4d9d64546fc0c2740eb8b997ef861530ac24da00fffd07d9b547afe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5832d010ac0f421132306a3e02131f7e

SHA1
3d2cad550edf6c968c6b26816920dd2ff759be98

SHA256
660a72f9e72655803354433fdd1a0d85c490662f4edfa3a1e64be83793f7462e

SHA512
622c477251ec7c541433f392e21e832db10d9c4ab46ebaef6cd18cedaddcb6fe0b45d0645dc006445537b66e5818213a3110f90668e21907ee61381a4b95705c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
81a6a386aaaa4de9c37d410e7b1225cb

SHA1
017b38c4faa67b76ee438bc66858e39ab96bafe4

SHA256
ed1499bfb8b6a7db4b2dc3c5f3199a34cf259f9d6a7b1ce53601619b52aba761

SHA512
61cf94dc05c1bed67f5c279c3d7cbb60c0fc729604ed0ce0bc7d33a08fdc86e8fd8053f9dbe0a996a89849d1187715703019f8555f156246c26510ef2769c984

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bcbc67e40193df3505c678d9d19e3031

SHA1
4ee31a706dfb8090df460665957736b0646fea5e

SHA256
3db1d526157e6c624238acdb529bee107a12989c95aef479f2dadd7c1fc0288f

SHA512
94222ae2b201c63db4483b9c9b4ab0d775e1cc0f50f2dfaaed0c175c7a3f09acbc73770744bbd268444286ed37dba043b017a702c0107de3f650d7074cd09d60

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f5c271ca5ac7cb8ebb2d5967ae0348e4

SHA1
4d6378eb06b19cd4f1161f3c02454e42fb63f0ce

SHA256
64a23cf5ff34d3dfebc90aec5b6eb1e0d3905bbd67967b7f27c85917a3ee70e3

SHA512
26247387ddedc040fa1e5a9f0a27a34a8ba7189b718745350c404730593cf9a69056dd90a2e97cb91609814c8a9d277ab3c89680a131e7a778b66a5f0ed93982

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
de59455092bab42a58923880de01afbe

SHA1
9afc3e77fcca72e4810b16b30945850096a870e7

SHA256
fc7f57e877419160f129f00e9f546a2f6e8a564763d29a2f834db7e453a54eaa

SHA512
28bc384f90cf9b937d0e3783d7bb8cfc3e7bdb01b57b0d35b272bd61c727d41bba77f5a3fcde507d2ad805e5537e00d6eae3366715f4bea2625f63c3b3587894

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2b333a2c8e91bf4ce6067bea144c18b0

SHA1
16bedec4d6515757f4aac51bc7c79af32fdc8ebf

SHA256
e2a2d151051d9f48d5a8aead17e99f8d64cfcdeaaf3558b0502b2c3627aa22c0

SHA512
9e57aacdeb9ce448352f4cb50180f90cd341b573c9558d9167f43cad1623a7bd63060131fdf3bcd22cf81682589af9adf3137e779314d4178951d53c1321039f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
61c35294059f2e2860e742d8c69fd946

SHA1
79cd29cdab69cb1b51bfed78aceec678c8844203

SHA256
f33d5d5c2248ccd7d168f902b8a5d0570db4fdbcb2120bd84d9bfa1926179a67

SHA512
8bf4fed7f1b22b0b2e37107f3d94de6a0238e232bbf7b34166f0b7ca4861dc52ec3dbc263b1520d0f768d5f909051cbe88ab698a212edc34f9e8c04dcbc609e3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9b83a8da376a69a7c5536fb68cad911c

SHA1
4b2d2e5520db6c81de3d998473ae965e1cfd4c29

SHA256
276417a9e3fc2cf61f2ff521a3ace02fda750393f168128d3ca8de92d91799c6

SHA512
eb39f88cfff43777f5d6aec60f85d55e76dfcd0b6a55aee599037e517ed0ffe025eff35d2fbf873c8dd6c3aa708744044a20dcb8a72ad73fd33fe5c0876c3f1a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
891a6aa170a0bde41b45300df29d2520

SHA1
04223bc8c991142920698a44fb127532fc86c0d0

SHA256
09fbf89cc27a55c07731949424fa2dfc1e66effe1ab6c502782e7e3a620ec0f6

SHA512
16a427b1b4898b1c7bc9c96c43b77c7b979120032d649999028db5288979edd92acc2c013946d665b234efe30633492e108d59952a7a24914cff3ba5287d6c51

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
58fd46f66baa40a891a310f6b61a6e27

SHA1
42c9a8048fb924298ba08c6e806c1fd8babd62b7

SHA256
2a32457cd0a809139819cfabf4236b2f8c702ab79840beb7c868ad2d4bdd9bf3

SHA512
2d64657f5fbdc0bd0dd6818b09a047ecf58647f574b24e9d54a8d6cc5688670e579d34b57799c4790e28d341f557320d9d757100927333103b2bd3e936998a81

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
367235428112ae3f9a844a2114431da7

SHA1
b2fc495932cac227a76ded5b8feb178fdc4aa9a8

SHA256
bfdcf46ad294da40527fcbde69f6a78b3e5b6a66d52fed2caaae286b926507ed

SHA512
3b858af8b64df0f030aff19271985664d6a781c6174fd8b50075d4404ccf40f6c829a9a90a0cd474d9205fca52c0081b7f80fa474a7d3a8e102b496252cd8f54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0b97539a3ce0b077a342fc97501e2e17

SHA1
7383ef7e02f3687b2861cb8e5f177d40c1298202

SHA256
09da7b8528f8e76cce38c9dc0ba9bcc69016bce51c6afb8911c7b49c4abaf9b1

SHA512
d9523c77f4613a8f4910a73b1bf29d098e0a9002f35b68ed1d1aee3531f4f119b1e2e1d6f0e7bde0ee11517d14b0ec9bb7afc3a8f5b4782bbe8e47dacb31f42e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
73640c8c9566e441563d44aa937c2e61

SHA1
711d9286597282da974b4ab1f9c9e71469f9cf0e

SHA256
f78c177bb74343b544ad9bd1a4d822dac78551eca998c026afefa18a48ae7b7a

SHA512
24d889cab27d9120afe04c9fa9491719774db28d62d0eb1bc79dba25f03bb9e29d2e8230d79a4874d151a0b23ba12460962858e81e7e616e3c548d4cf3826558

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0915ed73ed7b4742530e09a4e1a39074

SHA1
a90d919e9270725e1f6a48af9557f5028fd1fe9f

SHA256
449e40d6ce09c15213b78eadb4d7e92212a3cb769de70a68f209f0bd5866b751

SHA512
b4f5f4efea165bfdc16ad04051303154ef29874702ba0ee8db0d3d27212b690a035889b84c43ec2295420e18490333bd0a2f9e0deb6d4b03521f07abe7769239

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
64dc47d96b073ed10ec1c4fb457079ac

SHA1
1c49cc23deeaad8c99745010864a398243d6f264

SHA256
675436f8b3323656867fe0d510bbf0526bf3a74aa648633c0a8793cd2ac3fe1c

SHA512
160814fd2d4956d07ebd933d1f945498403c91a9b2e52924cb730c1d1186d1823397f86513a1ec0ea005a22c8ba561b7c9d08234a075b9648cd90a3391396b0d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
163da3f3bf20b8d5a05250785e649853

SHA1
e717d3809e32b906517066b2fc98eaaae8a7fb6f

SHA256
73e7ec743ad42096cb0fd345ce6ad561df4dc872e6c27a01e4b3fbee7ae836fa

SHA512
9650fad83b4f9cea0d5acd1af8d55ffb207157491f2551887b8592c2032ae86e5ee738e6aea4d93bb7a0470a5db6b18676893a46deb901ea9abc5e2a5163557b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4f2a15643c1c54a88c2e625aa57e5623

SHA1
2b690e8ebaadd37457ec50f756b5d2a546444f7d

SHA256
cb5643a79c0785774fe91165dde102c1373359601432a37b5fb0c495fe0c4b34

SHA512
20e3d899627f2e7a05234cdbf47c81749fb0e5ba461e911d60ca9d9c5ff36fbc36d11ce569c8f22130cdb183e1c33e194d5f62e01a24474fc6f7571b1d23bb9b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
08d54f8bd658fcd308605d09398ac90d

SHA1
078254c577d8ef259561ca99ba2e12a1df3aee2b

SHA256
0dc953b88770143e66f97e733e673da7673a54fd0da94d0b1617836d06264ece

SHA512
3d7200437968a37bea00b8a6ae16af095a2304c23c459612e2e272ab67707ff5ac9227cb036c262329eeb53152fb040a591b174875b86d987179e073179edd77

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B039FEA45CB4CC4BBACFC013C7C55604_50D7940D5D3FEDD8634D83074C7A46A3

Filesize
506B

MD5
d80a272554a94d542e78dbee14d6ddfe

SHA1
668b98f2529bee23873377b08c90ad17e1736a16

SHA256
ff3a5cac3ee559bda9b01f4b818084c44a17ff9764137434c9f930c24764e64c

SHA512
0b9cd21886da6fd7772aa11db280b749a6f31a51f6e4a8c886db23422f346c718db136a24c676ad54e956054468af995402ede1ff778c790cb83b358ce4565ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabF20E.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarF20F.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit