a003dde20a0cd4e3e451c5f7e1aa4b7b7a2946205f3f717f437193a02531cf69

Analysis

max time kernel
2s
max time network
145s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
28/07/2024, 01:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0563cec2a099507f5d3fdfa2d8d47d78_JaffaCakes118.html
Size

6KB
MD5

0563cec2a099507f5d3fdfa2d8d47d78
SHA1

4bef9b70f8a39c16f0a7d5af2ecdc4d6a925e5b1
SHA256

a003dde20a0cd4e3e451c5f7e1aa4b7b7a2946205f3f717f437193a02531cf69
SHA512

35c3030d94e6254ea77a6aae145021adb7cac4bf07c76f016ea0380cc3da50a147c21ca90f90f6a254d4c24f1c4f4bc3f93fb30c5d13576ce88b64e8d79c5f94
SSDEEP

96:zhM3sHfoBMtoyI3p3UBWbXSbZaGaWhWJUbnP:zhM32EDNCWbXLGaWoA

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 18 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8AA46501-4E81-11EF-880F-D61F2295B977} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1292	iexplore.exe
1292	iexplore.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1292 wrote to memory of 2648	1292	iexplore.exe	30
PID 1292 wrote to memory of 2648	1292	iexplore.exe	30
PID 1292 wrote to memory of 2648	1292	iexplore.exe	30
PID 1292 wrote to memory of 2648	1292	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\0563cec2a099507f5d3fdfa2d8d47d78_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1292
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1292 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2648

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7d9808eed9d7de1cec9bc64728eb1ef8

SHA1
3394a81e1ad9e99caaf8eadb1d84b3a0e9e110f6

SHA256
f18e562ef78496fa0f7adb16b242bbcb5b96c7cdeacf942db189b22f12edbe05

SHA512
2488a22a47b829dfe819c474efc8f30dd010ae2f2de0248b83a29520a7023dcc5c9d7fa77ad7659a7eae2633b9b0b34936d9d6a4643d82ad71dd9110bf6ae108

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e52a1f6953b6ea1b586c78b4393f3dd1

SHA1
6c8f1016f3da360d9c632412afc473b8a5fcca5a

SHA256
97a6587a0174c597097a93bd2482dffc24112d5819c93e124490b39301576893

SHA512
87740608f6303845b3a525311ff1499c5426ee93e4a47f4e38360a5edfc2eb535c016195e3cae0d49ec14bc2d2a63afa6da53eb255edbdc225a18652733fdfe2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b984f8909b2d045b5ec964ae406da033

SHA1
378f4f29749ad701229b913995b65b9b75141a88

SHA256
28c18d01b3c0d9fca460fb07295d2350bf16fbacf814d596687bd613cbeaa385

SHA512
5f20c80e2e21f3a257f44ab358e5d75b1f328b104f21575ead9f8a7fcc12244cc5b8e1fdaff06ffe9151e01bd4ff4009ae0716f03c2236f4bad5234f2ffdc31e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f9017ea69e075e3b4166fe1aac28cc9c

SHA1
9d0bceb8825337c661db1e4ada8fef0606800357

SHA256
4c5b43d0118a4c7fb23681a8caafb6f5bf28860dff78e315d86c56217b223a40

SHA512
abee3c9b99f6fc198ee722a2833548062df625d7327ee3564bca29f7152e502e2246ce11d6f9f31f855d10b3981e7fc661e5f01a4aee078be5b3a7745533ee48

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7a7a4dc0deef7bba497fed05c79a38e7

SHA1
295a583de9f56d1acdba37d02065b4b611cd4d7f

SHA256
dd2395d0915fd152d6a974f37d5497929f37fc4e49b31efecbecf53f79da86f7

SHA512
87ec3fe21fe02e8b8ce2abe7c887a6e46073a03ae9b3fa7fdfa9455d90e516f07aaeeeed683a095fc96bf931e12dda224eed5c6a07ac887232c5b8a854cad27d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7b332a4a67beb501e6862498d9153072

SHA1
e22c1d94897227a33b263fc6fcd225c98237f753

SHA256
82e16874a5b5de7892d97930dccfe4697f85c68078672b4afe4a31b616b17cd8

SHA512
4845ec15f6d2ccf0acce860872ff113c2bab58222605c2f759a43f94ab23e08f52b0f67bf9b418c455f89cd3095b96cc9625187af391987dbbad458ac5437420

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a664d742bd5a262cf6acb18dfa61dfe5

SHA1
2acadefff506f511ccfc3deb06c27cfe62940d1a

SHA256
3c1344039adc3fd86c17ad210790c6357f7992fadf1343b99fe0521e22800b30

SHA512
9c161ac90157aacfe1ddae980fdd65fc0b5d4fb70f5b94215bfac81d6ee70eec081230c996251432361b2705d957fc4410bff1c6b6fd6c928d6bcca6502ecd7d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
784458c4236789869bea61743f3605af

SHA1
b41cd9994d52be737841280bb16ea6ab648ad2ba

SHA256
970089eb1807af73e8c5addbadb4a15fa189b2bf39bfdb35ac2572a49a7d7263

SHA512
e7ccc74d94ef49915abc212fafaaead349bb6ce31cdc2f30c341831b3bb43dce7558584699369ff0b1d091463a44a78e43fb9d77383a4f4629ecfd27e05a2019

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9ba3676ecfc1b23a792d3d478a50a47f

SHA1
c32173f28a8e4f0db4dc81898c4c76e720f3410c

SHA256
2cabc79d36fbd728999f7e51aec079bbe26a9c59de68a54c82e7022d282d3516

SHA512
33dc7c2adeee852df58bcd569a96f4fd5588a5d47c3dd489d0a7cd94c2bab833be4fe974b8a34f986e8ece091e792a7bd18fe608510f29afbe44db9be762726f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
800ded5941ecfcab90c0fafd2e393981

SHA1
fb898167b587f3c6d02d61430916a3b9fa2ffd01

SHA256
b3f217599a083fb66978be799db2d72438019485177a268be2f552c0afbcbe52

SHA512
a502a2caf0a795c4074a69d9bd469e347e36f178e4ea9f31045231d35e6ebd6e5dbf8e100b07d24eb5eb1a3d306178328a02c32716cacb4b0d0639dd551697e3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6f73328457590efca37ae34f337dc705

SHA1
c652b987774c433d08b0a6ae10e9d4dee0338ff1

SHA256
34cc005072fefee19e990b3f6d28f17a9190da0ba19e5e154db80a48601a4477

SHA512
cf5b4350b01cafc7dfa18d8e32f97f3c38792613ae88dfd4487b8d109f41dd94a1322ac5b87cc8f443dd83ce23d773a24490e1f597fb69d488b953bfbafbbb0c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ee2aac9cf98079b5b7c846c4549c9ccf

SHA1
12e1d3ff60afa11df3d669ea730dfd11d70c9f99

SHA256
fb9285cdf83ca7ac2c199a7beed1598d3e6402c8120a30726ce6a31132ba15bb

SHA512
3f9337b8d70015aa38b2a736644c24335df5d9542977c41295318b139f876e36e188c8be8c76c6aba41812f8249781b3c2e93e7f0cf9249d846b69df9dba11f2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1eba9062bbf3ed16d33152f8edc1184d

SHA1
98e733188743f6ab83ff518873e0266aa636e4bb

SHA256
06337c107737ffb99cf42cc4284fdc572d1b5b6e1b83a5cbf0fc2221d5435563

SHA512
fa2fedc314bb2696e49f5bdfbb8de57d1edcd56c9801d2856e050acd51832f7d082b4e21b3a315640865a606051bbedcb6d5efd448af192dca8c085b65196082

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
51add999dd857fd27672a1f2f8fa58cd

SHA1
025f32143cd97cea72807c7cbddf0373a57e6c5a

SHA256
96e4a286c8e99695427d9f4b9b3117926ee0c33857e8cda9b75ef5ca3b178b1d

SHA512
46d19fcbcb86f7d43d7ac778269f0d57501fb850581ea1797227529b872232ebf3327dff487889092a0391af1f9445304d77cdbbc5f4752639ed20f45b9027f2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ecb5fdaa488c221627e4140090a701fe

SHA1
95d8df878a36a940f8757f7738aa17eeb0f3e518

SHA256
8c9753b379ec1c65db2069ada4e7ae673dfec16c0d7d0effb91c22837d8fab3b

SHA512
69be9e46ace9014a230c8c704241f29a77ac67423701af4eed0a16802c39c390cc4d0830a7522f1e5f8891bd5148a0b679f35dde21579ef9ebc3653882379f02

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9106369288cce14144d15faa87bf793f

SHA1
b8938a2845e7af5b16b9eaadeed5dc05b6f8c08a

SHA256
88db8cbd7fa50c07eae50a2d75b361bd583e20aebdc8a51c37dec071e3484dea

SHA512
be972b244bca5ffca19095411a59215eff3174565527889645708c01d3647ab21dfe8e41cdc33ec897e89ca3eb4507ded2dcf2e96d5b135d91aacbae62b3d33a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d540259e96a5012dc374f34ab9a49a6a

SHA1
6e4fdf04f083433ab35f145304b9aa10913f09cd

SHA256
8d29b13fbe7b43bb36f8bf87606f149a54102acb42b99e61746d06215f5cce41

SHA512
38359929af1e241bff76faee9ec134bb350b33ae069d28208df2efcfca334a25140627b5c723c93d0fa40cc2f2c146597da0eb00a91f34001347d6152f0530b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabC110.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarC1D1.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit