391008c0d2c56a18b0ccba851850c3913981f8b678060617bdcc190680b76a05

Analysis

max time kernel
149s
max time network
150s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
19/08/2024, 12:16

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

aafc06f18c8bfb39f656934175234332_JaffaCakes118.html
Size

23KB
MD5

aafc06f18c8bfb39f656934175234332
SHA1

7c6b683f2845acb52917c718dd72215307d8ed82
SHA256

391008c0d2c56a18b0ccba851850c3913981f8b678060617bdcc190680b76a05
SHA512

d72d68f9d2f19f6c88c4003983ee90671f69b54b9a4ba91629ca72500aec4f368c5f5622b729544779370f9efaf06f684edb16b92955d792a5c27df6b31b76ec
SSDEEP

192:uwfYb5n6FEKnQjxn5Q/MnQienNnDnQOkEntkinQTbnRnQ6v06J4RnQNjMBHqnYnE:aQ/Yv06kK

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 31 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430231673"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E4D59961-5E24-11EF-9AE5-CA26F3F7E98A} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1592	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1592	iexplore.exe
1592	iexplore.exe
2408	IEXPLORE.EXE
2408	IEXPLORE.EXE
2408	IEXPLORE.EXE
2408	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1592 wrote to memory of 2408	1592	iexplore.exe	30
PID 1592 wrote to memory of 2408	1592	iexplore.exe	30
PID 1592 wrote to memory of 2408	1592	iexplore.exe	30
PID 1592 wrote to memory of 2408	1592	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\aafc06f18c8bfb39f656934175234332_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1592
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1592 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2408

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fcb721a1aca09397a0a7266ea2307458

SHA1
602f184df53cd93ebaff79354904f5d82e6598a6

SHA256
d87515834501a5c98ce0ebf464c2627e8143654675196e96824d2c7866ce5ccb

SHA512
70c484b128ed98d476eb10f1ec68b6810ce32b38fc485419793f9201cadd0c8fbdfa45d77453b42d0acc4c501950c3628539fa9e08d1b269921373d7f397db6d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
268fbbffbe1553a9925c31de0b8c5733

SHA1
b22a36d007f80f30c1428550de9b31eab979b4bf

SHA256
97d5c1bf4c46a81b528a59e1f66264aa23f5ecfa9fc45adf4c2c5c8f52e99811

SHA512
e8609e3b5a810c8bca6cc8ed82db9cac33c3f209390c79379929688bca1673b7d7554c3dbd73aeac6f3d177a538c0b3ba96f02371a9fceac860a8815041357e7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9b6768c72238e902dc55a72a3388d778

SHA1
4e5b7a4954905923370ae5525abee157acd74a4c

SHA256
4ae905c87f6a5cf39c4e5b63a89d6ee19096cd5aa07e6e06b03b909a362b2cfe

SHA512
e2b601a20fbe26b4304814d7122171d13fb07e62ac58995c6b87afd6350cd90d53e73bcfb5a308a0e19214652fbd1ed22aa6b7c99052bf2809009a53a7948f86

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
832c623f8c72b2742429edb9ed3a55f9

SHA1
f801aed146380aaeffbd22a3aaa6d72bd5b74ea1

SHA256
f7affe9aba99f7d9060d3def0fa4f297881cbce6f1416104c6bf2b4d582c4ae0

SHA512
7d0731f9596b3324c6817c3f80924fffe8672b7eec0df1c717511663db62f980ac4ae33148a027d6a491d9f655b8d4f5ef38ff7bb6d6ac6850673d345d53c7a5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4aa1bd118ca0ebc8db4f826a4b3aba5e

SHA1
047abeccf9d65902d9c700f1e9595a75b33ac9ce

SHA256
bdb2a11b9a50935474e41dca0634aed79fe255cd0fd3b41f40997b3b2b01f89a

SHA512
4048685d9951be6190d0f3c917d16e79b6adb58a9c7043df3969780245ae799f11e44778cfbad29687fb2bddf7922fdecdf2bd7b975970aa56c52322990183e8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2f50346782131a7c1686bba7c12d8da5

SHA1
f749c8a2307335b8aa92cf3e5c5fc2d741c34e6c

SHA256
9e377c39ff36711baf19d46827f93d1343740ad2357a004b42af631023b1bb1f

SHA512
7f571bb18ad0820eca826509edbbe3767f5d1b6c54efd02569c1d1a86ffa2f03cd8800701a015c3bc71fcb7adb01036a5bf55bbc2cf72c29d62327c44a67aa8b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d9a2409a87607eaed59d7cbc8a58413e

SHA1
5fee1b3bd21aebe59186c0ffdae8a71069d38209

SHA256
3444cc6529ddfc17f0fb4541c771b89ff82d8279f4c3a775c0659a653d0ea25d

SHA512
6f4c21b369a0aa41eb8504eb1da022cb416054f9a8b52e3d561e815302592e0f0fe4f804b4f1bedf8f3fd69f0b72a6a5b60d15265613bc0d4764ba682d91b28b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
61f8ca1d3c8606c44ab813e72c40756a

SHA1
94f71177490974ec2c51082ef90043611f5db7a5

SHA256
d95a5b137c83d6ba3fb5a5f7630b7f408f613cdeda97f6dad35d5f316765662c

SHA512
dd3299da7f06e6426dcbc498959b93dd741f4ef0d2a9c72529a8606b9d2758d9eacef48d98416dc88001fda02c03d2154f29a64ead461dd444bbc84544784df6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ffe3b758362df8657b8bfd791e6af0a5

SHA1
fbe8569b89bcdf7db883fd50b4fe518635e91f13

SHA256
bc398d47a3f3430abfb4839acd25db550f9aeee67eb4b5af96ab4f9bb6f38d02

SHA512
eea4fd676a4b4df0ef7af6cfb7f26727330b752ea3535e1d2fb8b920d01688cd0a071e60c90f74bf6ba54f91b6fca8d7cabb359bc7fcb905a8525ce376cbb663

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e60b3b4021f8c196d51774dc6b6729ad

SHA1
6208b905709dc60fbf3f3fbac3cc3fd39abcb617

SHA256
4deec445f3d224338e1e694cf31a20060ec857253f0e14e8916861ae3f05f9cd

SHA512
9e35f4f8e9a59098005acb954e5abb5930999c6e7f195204a7a5ca14504280e8c20a513557dedcd7f779b975f1d0f3d6145518d2d354f5e0a29f8b6cbfc6044b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
08343e8333b748307baa7d99d68fedda

SHA1
08d1dd15390725c435d42af6437234bcd72ef6ef

SHA256
62297411149ac289ecabcf649454080fca8a92ac1778a95adf0f356bd3778d8b

SHA512
4044bca264263045a138f34d04ec0ab0dc0954fb8f4fc44c9ea7c8cfb781ac2410b8bb9e06a969d4863045d1014fa38592052c80332704a9d1458a52882c5910

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabC41C.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarC4DA.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit