8e3dc9d0d51d9872a7d0e761470f3ba537f6351a880b2c3d27af08e18f6a03d0

Analysis

max time kernel
149s
max time network
154s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
02-08-2024 00:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

82698daf234976ef2d246a25cb87b4fe_JaffaCakes118.html
Size

71KB
MD5

82698daf234976ef2d246a25cb87b4fe
SHA1

df06a11b1abd93e1b8f027569c18703f57fb5cba
SHA256

8e3dc9d0d51d9872a7d0e761470f3ba537f6351a880b2c3d27af08e18f6a03d0
SHA512

5e4a392709aafbe08e2cd9f07cdce0a42a33e3722fa8e4dc343445201abaacab0ad149ca83685d1dde15a6d572fc5516bbbc8a085a5da72917f94b7df4a3345b
SSDEEP

768:EIsSJPMpjFgG49yJsHp/jo1j45F5RV5DA2g42tPa2bd:EIzMpjF29yJyU45/RVxAh42tP/

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "428721982"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{DFF9FFD1-5069-11EF-BD1F-566676D6F1CF} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1916	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1916	iexplore.exe
1916	iexplore.exe
2372	IEXPLORE.EXE
2372	IEXPLORE.EXE
2372	IEXPLORE.EXE
2372	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1916 wrote to memory of 2372	1916	iexplore.exe	30
PID 1916 wrote to memory of 2372	1916	iexplore.exe	30
PID 1916 wrote to memory of 2372	1916	iexplore.exe	30
PID 1916 wrote to memory of 2372	1916	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\82698daf234976ef2d246a25cb87b4fe_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1916
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1916 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2372

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
854B

MD5
e935bc5762068caf3e24a2683b1b8a88

SHA1
82b70eb774c0756837fe8d7acbfeec05ecbf5463

SHA256
a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d

SHA512
bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
c3cbcd7ebb4b1379b5916d7350cc5cc9

SHA1
6b182b02cc8dbb545ac7c8f4aeba1ade37e7034b

SHA256
e9f9bee5ff39b36b5c875a783c30fad7cb943096c341aed371b8e5ede4abfbe5

SHA512
be4c61d02f06303434e81ef5454312c57cc23d03abd742113c3eb103cd04ef169805f2c475a6f48279f238fa5ca65154b868bb4f6d0f876169f2a2b52b05fb13

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
170B

MD5
164afc56ccf3fd9f069cbd90cc424464

SHA1
d0338c4ecbca435eb066c6831e4fdf584bf7838f

SHA256
e976a01a595bb10930a27f7f37d19a7d9b763b7b3435b91d719e7902abf66a01

SHA512
dbe1ad60421f4121e45512c1fdf5b77d89615ec1247d20dfdfc5d391d299aab46700259bb420f72579b721b32f9866dffb5056eeed1a7f3c04b247ea13cc7eba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
2ed7317c7dd8b61b3300497f7b76a132

SHA1
919a574b8b25b6e3a6b6ef6759848853542e005e

SHA256
37b9fb9b84c0c91c93b0b98af1dec4c2fa6376be3ca50e9f1f95fe1145a5e74e

SHA512
5c673a74850c4f5a711dead2e22ed340a0ce8b540b9566006c598b10b2a65c21e5c1e418f50b24f9ab48466195ed922667fb5da1cc853703b342129888778d84

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c0ede81affec1ad9ccb78a9904f1681d

SHA1
7c2898a5c21303d69b6a49b274e67b2efad9fb07

SHA256
5fbde29c7a1acf30ac42776031ef1192c815c151f3c18fab91c298b47cc6baf2

SHA512
e438ceceb8fa1132f7dbf9f560c42a554492665a335496f2ba0acfa614cb74078e63577cff50f910d13cad35a6b836d0d07cbe3a08e0cbd86f36f8ad202111b3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
74ccd91fb4d59b9106929e2c142b3a4a

SHA1
3ea5c37c3bf583ee9da95bddddfd70f2ca9a2418

SHA256
d58c451b8bc8ad7ee9fa83d028fc2e0ac537ea5c51079bba189de5f0f09c9dae

SHA512
78c5bf88a2329503f1f322aaead01022376fde2cc63b3c57b2b8f58bda6124cf1aa0f70a2ccb1928b0313fabd4771445f65f0ef0b452f6e490a691e7b4f9d0b4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e29d16d3f698ac288f7052279088fba5

SHA1
1cbdba59f7609184a0af23fe88beafc5b803596f

SHA256
f234905309ade29152c7a30705c55038158fb54ca6975757f594de38eb015dd0

SHA512
2dfb5751283653b00bc0a5fac746e7164e7ec4c49f374ab133dac02aa9918cb3a414500a2da7da4e9e30898126bca7d46e6f27ff3160bb3fae2beaddfe766928

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1f2b92992ad03244e13fada82bf34e88

SHA1
8fb9d7c8345ea4d5702fd9350aa805bbd36b8a86

SHA256
51640998100428b1aa845c694ce406f239a3d91a681cc5197209182003ab9f11

SHA512
be682bde3a11385a821d8397f5196fd807a9a9bdaf76e4a894eb41b17dcbdb1b1ad613d1251e379c56a9960b485cbca5549f7ff3394709604e0dd25ed3b4987a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7790be083922a06466c8fb7b2687ade2

SHA1
2710573a71ac75ac6c798444282f847fb40ff344

SHA256
841782aa04c396981ee2e346e72945129cf265b5ab96fb2fe283dcd9fd567edd

SHA512
b1f3a37d3830c3c8873dad78f74bbfca454c04d5db7c667f01ab186ec2351814bcd81eb2411551aea69d0dfc6026c6516a4e7cc63d15e8a07f9a57383690e432

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0e8c91812776fb92b83d979b584c7c10

SHA1
56e571741f55d4ab3bd371f7a7fa8b742c42bde5

SHA256
0a865b88f27dd36a9780a61b90428342503afbb0dbf63c56c42ee73ad592596b

SHA512
a485716281413ca986ebeab4c6c9db3fffea117ad83f9de6f8d913004c4206eafbbcb8f56fbce18ab66f7984c3263ac4ab1acada9ea7bc1a1e60e51a4ab2539c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b1de2938ee4b70a4dcf227855ca65992

SHA1
83a89c9d3ee8f5570f83b95e0f7e97daffef2384

SHA256
80103be64d03c06c3891a401f847aef17512db2a39a90953a6bafb294d9e6f09

SHA512
b37a3865cb71ebcfab808998ec0c4460bf245d1ad30ffad15d5cd5196ddd87d8690bf976ed818408f723e419e15eac6b871182fbfdf351f03ea01756c4fa6480

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
54f4874eb7c97bef5931b322d19820b4

SHA1
a847b58fd38a6f8ca64d3d02397b394c29d8c10c

SHA256
f072483e9b127e9754ce35a49647c80c82f9720e795d80c43252940219f74a16

SHA512
cdf7faf53fe9183094c634fe625d3332b5be20ed039bebb010ccb932805beecb97f4d6c50a688b6755ab656ff2a3016410e62c8f357771f7740f1680bf5b061f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
38fde3654925e989c9abf43e432fc7b3

SHA1
e1858f93c87ef4775210cbcb7b549044207a59ad

SHA256
1fe037501d3af98e4ddfdd034e57fabda86ea32cdad645fbbcf1069b8e51dd37

SHA512
127505444ff803e029a898b3afd58a6bde0bc18bbce2ca0d15ec646b5ffa838ad94ef0469f38426e0e3fe177d98438e0dd77dfc515420c736eab6c65b6e1d79a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4b5ec477fbf0dec9337fdb4471c546a1

SHA1
f8967c347eb9643f8e7d468fd849e7ad15d37dc4

SHA256
61638b318aa6bddb1802bdb8074482bc98131a634753358d95af962972f52606

SHA512
2e263c0b2ae0954cff4f73e54e188b7c95fb3577afc3ae2db474e478af3782eae3ae293616fcbe66fc1cb4a912d252358d4afbfe50d7fe9cc8280be49926042a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B3513D73A177A2707D910183759B389B_147AB4536A182B9FCE88E194D59F3B22

Filesize
402B

MD5
20c84edc66529b46501131ce6456ba69

SHA1
74a626ed6d361231dd0fe8d43bdff61002adb7dc

SHA256
0bcee3ec029db3759a2d21df83ce3ec7a638f730966f7ad996a4323b956e5a9a

SHA512
a2e25f2c38589a6d75787fffc5d4bdf2ad788f529342b49105b6820ccd7cf391aaadd8167b8f8cec04372dca5f6d94788ba19b2e5c1bcfe0d9202a4bb0c3708a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
ccfb30d8a23ef4127c5bd7746b7cb5ac

SHA1
cad36205edf8e50e451c24ca5fb437b9273494a3

SHA256
025960c68cd747fc1b3d7c078b8e0bb09cba4350980e366ce7c6c4d2d98ba13d

SHA512
b9dad83304124fae7c0bf475b81fede9d397a0f36226c35f6479921545b684957d33df07011a83329b7d493f66d810e52c605d960fa083a84a08e7b58924f82d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NFAY0EOS\platform_gapi.iframes.style.common[1].js

Filesize
55KB

MD5
aada98a5b22ec7188655c2c17a083c57

SHA1
7c3c2fb8744e7412d8097e28f588788d91b9cd9b

SHA256
f2f09baa213dd3dd95edb5a30c7764e4a44d9a79c0831f90b1ad8ebedec9dab8

SHA512
a780aa3b9e36f61be8240487e75c19a96fe26d54abf9006680a00af9d1d394e81e517f0bbbc13edff3a7190679260ecd56fd5cdd7c2d2f416ab8982c3277b953

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XWMUP5AI\cb=gapi[1].js

Filesize
135KB

MD5
cb98a2420cd89f7b7b25807f75543061

SHA1
b9bc2a7430debbe52bce03aa3c7916bedfd12e44

SHA256
bea369fc5bdd5b9b473441583c46b9939232bf1f98c1cedf6bc2241c4f5068d4

SHA512
49ccede4596d1e5640a9c8e8be333f9c18812d58f02b2b15adb54172df1387439e9dc5afc4ccd9d8f0f75f092318bed68d3cd577338e88ef4f9373de8a07c44e

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabA93B.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarA96E.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit