5b06759126f6309c7f4b26b45c9600c343ad76167164dcc288804e7abe764b65

Analysis

max time kernel
150s
max time network
154s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
16/08/2024, 22:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a021654aca71b844c1cfbed88fbddc63_JaffaCakes118.html
Size

15KB
MD5

a021654aca71b844c1cfbed88fbddc63
SHA1

fe430d192310775e49ed232d5e394994f1eb631b
SHA256

5b06759126f6309c7f4b26b45c9600c343ad76167164dcc288804e7abe764b65
SHA512

b9ae1a8c87a89cea392b41ccc1814ab178ab0c090433e22179b27a49ceea463b1fb35800a34d5e63f0ceb77da8d3c894b449565c9734756f0b0a66dd7f28c002
SSDEEP

384:AeJ4t8ogRYvBS9SJC4wiqg2SNTvW1RUcME:atnxQS5k

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4BC69D51-5C1C-11EF-B39C-C278C12D1CB0} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430008080"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2948	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2948	iexplore.exe
2948	iexplore.exe
2372	IEXPLORE.EXE
2372	IEXPLORE.EXE
2372	IEXPLORE.EXE
2372	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2948 wrote to memory of 2372	2948	iexplore.exe	29
PID 2948 wrote to memory of 2372	2948	iexplore.exe	29
PID 2948 wrote to memory of 2372	2948	iexplore.exe	29
PID 2948 wrote to memory of 2372	2948	iexplore.exe	29

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a021654aca71b844c1cfbed88fbddc63_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2948
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2948 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2372

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\073E49AE70A07BAE262AE0F8614BEF74

Filesize
5B

MD5
5bfa51f3a417b98e7443eca90fc94703

SHA1
8c015d80b8a23f780bdd215dc842b0f5551f63bd

SHA256
bebe2853a3485d1c2e5c5be4249183e0ddaff9f87de71652371700a89d937128

SHA512
4cd03686254bb28754cbaa635ae1264723e2be80ce1dd0f78d1ab7aee72232f5b285f79e488e9c5c49ff343015bd07bb8433d6cee08ae3cea8c317303e3ac399

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\073E49AE70A07BAE262AE0F8614BEF74

Filesize
414B

MD5
e402b0f59213c4dc20a351b915d648eb

SHA1
82fae3462568b1bcb5b5772d0e7acc92eb71918a

SHA256
82098b6ab479d316060059b6907c39c6f693899f23076788224adad38caf8af3

SHA512
d888433f01cbdb95cd38445a4f396180b5b2b29d4dbe9d5e1ef5529d83ae7a9dcebf2b5fc9a0e319db64a7b2c1918044008691a521750854590f50d614800e22

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
84ed06e5d801a3c8d6cfef0736608d42

SHA1
8f6794c248cb7001ad7b04bc37ad215ff011aee0

SHA256
47bed19738e1ead7a7c27aac143d22e45e4fdbdec49153b451079eb2764a389b

SHA512
4781976539a9408c8e2e2557ce0105e0aeff1ab1755b6ebeb9811b048bc095a4bb164e283f30e87ced0866556ba40b526683fe225e642f5b40f57022e384057a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fea724c5ff454c13ea78f5b566529338

SHA1
3eb0b029940c5f5036d1fb9406a67eb18dca243a

SHA256
d309c66ecb3e11408c8b51c547ee9ec0a3bea65f2f6ceaa7501a4cb1abef9978

SHA512
987489867ab7869503e04efa8ea2a58353ad05d0f7d09bd927376e55398dfaa86fa278641010d3991adfea6c0f2ee0ff49f997e71a91954f5d020efcf9fafed1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c402b2356f057aaefe1cb46f105131f0

SHA1
5c87e0a380cc3f63cec0a83f848470fbce240aa8

SHA256
2c6d3228843b89f1879955df466d14049c9f7fe079cbf662c98e65d0514377c3

SHA512
33da7082df1dadf7c7c7139d1131ed173c8ff2666ddd5d898c28eb9665561ed535d4f570dcd8c38133c23637bccb8c5f243a5fe780411d5e4f2ab48dc6095df6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
56061ce6e034e2dd0ad94dbdcebe1949

SHA1
1dde2571c8239d4fb5fc48ee819906b9d018f977

SHA256
fbd3cc2e94f6c1b4ec6c22bfc035a34c03f747483aba21e518dd3339474f78bd

SHA512
1650efc4198e8ca179bef35c23644ca9cdd1e91a5a5705b83c7351224f2bc0c824d004ff87fc099ab1c3ef3c8973cfaf04cec41bc0205bc721b0d7aecca70f6a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fab23a72cc8181d9f865a59bf1f09ebe

SHA1
c844e3762dc91b062781d8010f87d90761b7792a

SHA256
dc48ad5165c5232c4fde19f799c47d2d24c4626e7249e923a15f9868b98c739d

SHA512
2e32ce675cb6c20773a1920b2cd8ce6a7d71046e7a6c5d05c8e6410921ced69c6d7e3b1e5ca7ef2082f98c81ca521f0b3f65d55abdaefcf0d48e8e6a211ff554

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6d4a1e096600f1c8c5e0561d4f63c876

SHA1
2f055f055f2366de399b0e6ff24d39f0a3c95ede

SHA256
379740d7e94ab0cbb7d33052fe48c01d73e9af24193b985e9b8e7ba12c407bfd

SHA512
84491b0282474d4157dd4a9c95413958c64db5b2ca3bd9ef465a2652164818f140174c6eb1aa150320ac4d464e5f54e29b733f5fce82a059fc5a1d53be759010

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4d35c2c88002f0db4114e37ec39fe585

SHA1
587915c2ac80f939d7984c67f6dc8b46b759a116

SHA256
36d9644befc07febd5da55569c1e26d311485cb795020f7e6474795a8b2a25ce

SHA512
403caab8c3753b2fcd08a9046c3cc85e02f22a4cf917d8aaa4467ca99c969df30e72327163a6f0abb2eb8d51b48bfc9e62c64191ddf01edd89525a744f91fd74

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
aaae704dcefde924b9b69ae68fd89705

SHA1
c6b0f284a615856add762b55a8757bb27253b76c

SHA256
b358f61ee19c516c80231c1e2fb9cf21ecb500fd47cfd71c440debd5e9369ea9

SHA512
bd9f679ef4d0b2df3cf54a27b4cc68b334d32273122dbe9639ed4f1a1d262589e662ad34421dd103ff41a2760f83ddad711956ac844296901068b84f618ce7c3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
87e8098935e59a3bea644959300302c4

SHA1
44b7bf6301cd284ea23da4d0ef2ea35c0ce16c6f

SHA256
401dab94b15c515542dedff84f26b7efbc5e78e1b0f41a73c20156e0d9835005

SHA512
008f14d0d427fe412bb1998a569d9d229aa65589c60c76cfab4f04adc9e6d0e8e85d9aab4c5106636d749d4cde88bacbda6fe1783f533c6ab88518276a952524

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e0cedd47fea0aec4ec0f67f32a8935c6

SHA1
a6948b8adf025fa0dad42188441611f6cdb3ea7f

SHA256
2ffa92a92d60caae06c894b781b351fe4d1f2616ffe05e482012bc44c311be30

SHA512
bc3dc53725c343814efcacb14ccb266e969c03523a7e6e60b1986b32e2fccf6ae123ed7612876094b79c7b4624d38b9dc8bfda70f30fa51d66987a79f38b66c2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b4f934ddcff378e0bf624ccd3329076d

SHA1
39b888ad801b180d842418ee0600518c94ef26dd

SHA256
90e56d9311b05e2ab72e3ca784697e61854170c6a892194de80e4696e917440b

SHA512
5c1b2fe2e32b2eb4ea6f5ec37702f2f5d7de4741a96037b58bfb417bc2fc4fde73cea128412be418e202b9df62e395588c2ace3274aee32de5a56784e3842ff9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6f41e8f8c483adc442f3ed1e383b4f86

SHA1
814b25ac2bf64799b0e8c4bd217478681393762e

SHA256
13c3eb555dd43aa5e898ecbef8f082589cd59a9c1cb5a4ee5741ae24925104ca

SHA512
d675603e0ff4e9ba76aea08f8b8de51cda3a8da0cd34eadc82968034c5757f78acf3e1cb953788587a44e49c5f3ecdd64c03e79a7fd48e60d4e425b914ee537a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
30981e075b57eb2c640270ee5170ef99

SHA1
bafc9565b5a60fdb677e6704b508c1739262fc61

SHA256
ee7e9ff6763eb638397aa37e2d64d8447ea378a654834b359649a678d1d57256

SHA512
46ce841c1c17ae6a2be1a665b7d584aec95213d188bf46e11d75e51619d23a4d87a93de961be27e3cfaba9669b071fbca66450284f551c5f9a87284fed1fd9ad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3fd3c48b2277c98d7ea8361543715dcc

SHA1
4e16960c8466f44b565c8fa8084be82add5a8207

SHA256
a57f71c6ff09db5ca2dbf1ee4518aca07328179c7197d68e07eb27857ff7b4dc

SHA512
612cabdef75690aee45bf884d7bf0363a6f71723a7fd65910222fe450bdc08674d81d3d178ce024fefdb93acefb784232c0f0c575317401d5f282792950c6b0c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f2796429cb98db3d7a94bb3fc7043faf

SHA1
69acfe057c6f5f55e3359f11f9ce1adc3cae38bb

SHA256
297af9f8a270a93d9f32555a3f9b214650df6ef7c6539034f5f2c92c759000f5

SHA512
786218a727faba4b850ee2de15947ceb1b1b828ca8eb49287b2a047a5109e98b49db7f6dacd08811ff56fb6d63b953ab217618497bb86a510e7c3856e5297a40

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
d450c178a81e5c468a0639ed8cd2ad23

SHA1
42c3547fa6b0cb228bb1d24ce28ed8fbc328df13

SHA256
6304659ed834d6f195fa142b1f3daebb4c4a08cea510996de48ccc02e2370d46

SHA512
e7fed5c67dcef9df9a268dcd652e798a0c94805bc718333ae6f09df651732363212564e05f76ec2f14feec34db5ec2edf3f6a36ecb9ecbd92e77f528bcd5b662

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabF6CF.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarF720.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit