60029e017234cd4457f5537a1e6daef9b9ae88d5d1d1d4025b62d159cb763276

Analysis

max time kernel
119s
max time network
127s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
14-08-2024 17:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

96f5a7edaae241cb133955754988698a_JaffaCakes118.html
Size

30KB
MD5

96f5a7edaae241cb133955754988698a
SHA1

9c1e53cb0e259e89302b66c6621d11d80367abc0
SHA256

60029e017234cd4457f5537a1e6daef9b9ae88d5d1d1d4025b62d159cb763276
SHA512

ea10bf42228da2b0de4b44bda18f6868147f515adf087bea3b985aa57065b2409cd718dc70710160079c55f58bf025e426f205710f2fc1ab87b663cfc53a4082
SSDEEP

384:1u70NfBoZ+flgU9GhG3BQwE99Bsr9S4+F94gJYeKFjhbAQw3wxwfuc6SMzHQw65h:1hNMTirITm5bcTMCMbW/nTF

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "429817823"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{54CBF921-5A61-11EF-BC1B-C6FE053A976A} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2524	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2524	iexplore.exe
2524	iexplore.exe
2084	IEXPLORE.EXE
2084	IEXPLORE.EXE
2084	IEXPLORE.EXE
2084	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2524 wrote to memory of 2084	2524	iexplore.exe	30
PID 2524 wrote to memory of 2084	2524	iexplore.exe	30
PID 2524 wrote to memory of 2084	2524	iexplore.exe	30
PID 2524 wrote to memory of 2084	2524	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\96f5a7edaae241cb133955754988698a_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2524
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2524 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2084

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619

Filesize
471B

MD5
4742770ed0364a1b93b1fd364bdd7819

SHA1
3bfd48d7ea54a1799e3313c4ba7b09409fb2dce7

SHA256
f610457c35773426a563f98cbdf747fef262cb33e7c53435d45a590204dd02c6

SHA512
6736f4f3525411bab3065c42f9b94f7dbf0510191b56a572cb3cfb12484dc19af0600b01d8d83fbfa05c3b4967e2380089a72678451febed0cd182283e6f3130

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2475fdfa4735898c28ea6db43ee7fdc0

SHA1
c33df43a4a764bc92085772f80bca8a8598e7ae0

SHA256
939d566b063e0b51ef3cb1807dfa1ca44e7ee221bc924466ccaf60de5981d6e9

SHA512
6cfb4c713ed31178c45bbf4c3f371e6ac98db8369b05e842d8aee15247c5d0faef8f1efc54d3f19b68bd45de9354669223379a3b8c1d812e7704eea845569b56

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9676afd0aa9f91438984b525b0e03022

SHA1
a123d420cf32902f76a808f1780a3daecdeaa78b

SHA256
6585608ae31ad7bccc7057f5203940abd88cdda48f06e804566ad96f894cf6c2

SHA512
0ac84b0107d60d6849e6aed133d48fd0d6a264b497ddd1e17b49b29e73e6d598111f4247b21715a2bf4ec7b98a31b80126ce04ecd1ee2e44079ec517f775d4d0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d993dc2cab4559a7c07ba6f1629cd314

SHA1
b7c19a386914d233542733bf32049b6202b888db

SHA256
354da6dd64d441c0119d727f4245af03c98a02c8485b5c4081ad987e4708797e

SHA512
c1187c4af49fe19e7b51331430c6438cc507bbf6bf5cf518d01594dfc9a3e0768fb3072b822975f9088bdad227a36bc1dbcf95a95ff66b1bf067bed2e9d4a92f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
df7f827b436d36eddbe74fb6dd8c0f30

SHA1
6debdbf8029f8668796364c23c7999b41043f922

SHA256
1f9fe206015fca5aa4b2dc611854a1c8a51c289651176a36451d12ceef1a0f08

SHA512
5698c1312afce7401d037ef8cd839091fbd94c0dc4aac656c8df96e43d34650374fede4e988dfc7260ab9de41234863c42764064f913e29bbb34ab12457c2e91

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
97bafee064f8432975fd99b04393f2df

SHA1
6eb258c2680c641d3dc3a470cff882e9a3ac00d2

SHA256
c68ea9439e5514d1306d2a5057f3f1de51389b9a50d0204934f2f0d4292f81e2

SHA512
93b484cfddfd072b9ba0ab7e6cefd5c620669de901354ba17d6356fc978f31615a9cfdb4148b8d77be72b66e960f3da10b76994d846f49a90b46327f2b90903c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
386034f0c531646a752f09014cb12aae

SHA1
702825eb248e753d68845d57d966c7c6b0c96c9e

SHA256
3562ee560004555370fa20e8aaff775c7dfc69ca055e51a651e7bd75bd0050e7

SHA512
88b9628a30edbb27485b216711f71e4554e5ae5fedc706dce0a91c5e67e2b2be71639425038e9d83d2a54369b176cbda5bead5c0a232c9b83e83267d3cc1ddd5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b2a0114b809ec1b72e1559cbcac1b7d2

SHA1
8aadaa3a5b0927068fecf7a6fdc7d192e33abec7

SHA256
0bf3e69026b1b2c7dbedac0855426b88978dc7d39aebbfa80018481a3d8461cf

SHA512
fbf52d51371bc43e5ec24d688335cbc2b83ed3b6e381ecde45807d78593a8ea6aa03d22409b370638ab117a41b889fd5b5f5f190fc9bc1128de0d15320eec2ce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
46854f5477d2c4610fbbda8d7d180774

SHA1
c3b114543e2077fb7d391fdbd6aaa1cc26a678b6

SHA256
080f492f6dd64affc1b49924e5521d51af4b5cc9bd1b5525f599eb1ea3bd6dfb

SHA512
84b3869e10d01b644b92543fcbf30becb9d816ec53dd85ba9c5c9ab7146456a94b8b17a68f5520a501a3fa657c7c4a8acb36deb017a9fa189a4f9ba37710b4ec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4728f627017f2e3cd0e99198e593c82c

SHA1
2f3814b42e7cd78d56ed6f0a40586f76685bb316

SHA256
a2b8a7faa06c4c5db86239c4774339c7c5e7e22f79e0172d7b973f5f37284572

SHA512
9c3eca22d18c03558751edd57731c6880b2dd94bb7d3c4e91e8f230f56f9cea5233e90dc65abd92d0ad24262510e45520c41b969bb83c41d1fa48d4ea7fb54c1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3d9322ac357abb2bed8f723292cceeab

SHA1
05d0aeb8397b07de30303592b3a8b7e8e2b81eca

SHA256
cea9e195df6ae2185bf45fd893c041b0e57caa17da8acf09484003d42d8ed8cb

SHA512
da076b5343f9fc29978e4daf3db3fa3ca4bea654aef3d8380b1de9383db47af5fd2743006ee92459222b9ce15adbaa2242c54916fbe69e9d3cc40d5fa873d7ea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4fdfa90c795b1e258040c1b9af139fc2

SHA1
edee8614e63fb45c6dd9326c77a4b0baa354997f

SHA256
3c9fa058b9db407eabdd3a9e890879fcfe075938fe34006957cba7b50de2f650

SHA512
174e5577f9d779de764995f93c919358e6a4b0c9139fb2fdd9801110d60f295f67521db937d040b8704791e25f518f119135e3debb06ed548bfee5066d025758

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7d6bf08d5c0a2b31426c1b92429225ff

SHA1
522fa96615577e0df5c8f2ad7e8b1f83795f3768

SHA256
7ad769667fe6eb95ca7c17a9064baccd397063f812b7fa59c63cae681794cf66

SHA512
57073248183c12b2338e8eb538441a8a82490f4e44ef47c1bd15eddf0c8e368681aec1bb534bfa05cda8e11a97b61d9de09c35173d2af5a5dff485ef1e96d788

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619

Filesize
400B

MD5
165debde8afbc37198467707f4efd6a6

SHA1
304e24f4a669247df3e50c9af1ac4fd46993c1ed

SHA256
410ecc7182b666e2a76df359a4c401aaf6bc78e7aa92724ba3860ab214d4763b

SHA512
bf96fa140b011e7499116b68aff9790e3cb181a7257f548c21de92b94fdb82055235828651154ca75bfc969d5836e5cffa787622d012fd123777b6bcfcbbb435

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabCF91.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarCFA3.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit