15bc4afd3e9d83cdac412c6ca7c78b35a75f4a5c8094dc50c58287e019e7a277

Analysis

max time kernel
78s
max time network
140s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
19/08/2024, 17:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

abf9c0d1a5fc387faa952b449fe3a997_JaffaCakes118.html
Size

31KB
MD5

abf9c0d1a5fc387faa952b449fe3a997
SHA1

85be4f9d03bc8ddf1dfa4f9a3a99be1b0d15ec05
SHA256

15bc4afd3e9d83cdac412c6ca7c78b35a75f4a5c8094dc50c58287e019e7a277
SHA512

5b7467245567efff789c0da9b91ab088c1d0a36ff0c18dd33b330576b07588d0ab24d169258315074034ed04c18c30ed5b2c4f6b8f3c6a70821d20032f70de43
SSDEEP

384:Qu6lKfo0lAtsdgkKX7bAwtITHjv/9cnmowve3KX3bynIaG2v/9cnmawveI8L:TlMLIOGWIVL

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{162264C1-5E53-11EF-8FA3-EA829B7A1C2A} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430251518"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2432	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2432	iexplore.exe
2432	iexplore.exe
2180	IEXPLORE.EXE
2180	IEXPLORE.EXE
2180	IEXPLORE.EXE
2180	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2432 wrote to memory of 2180	2432	iexplore.exe	30
PID 2432 wrote to memory of 2180	2432	iexplore.exe	30
PID 2432 wrote to memory of 2180	2432	iexplore.exe	30
PID 2432 wrote to memory of 2180	2432	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\abf9c0d1a5fc387faa952b449fe3a997_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2432
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2432 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2180

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
acc21bdb2bc9117b14f4c3b5c29c380e

SHA1
aef1f5afe3dcd40ef3e12429d23b67a683ff4079

SHA256
48eb2a38c5b60d87ec14192bf7cb81ab83032873c1937b90ec4c44044f07e251

SHA512
2d59f69523ce3c37e284bd57d8830f3d8ca446f915af45ba3b94acfac4991d55af8312ef65ddfe5a0a85104bd0873ed8e3c91fe3f09aa128cf11b0da15fcdc45

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9674933812ea4dd07fa66427d75c285b

SHA1
6bf061c4707f0920ea3ae043ac1b0dab1b6048b3

SHA256
d3f46103c701b893bf54197e44ccb62710a1fa673467eb17289667875384f0f5

SHA512
0ef0582be7998030161b76751954f1a85e6bac8a40ede022e190821a8d9139d6e3278447a80ce800502b5c578a9264be9d7966166cef48d01f9f0a84bd2e81f1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0fedbf3d1c67f8ceb4894eaec32db581

SHA1
c5b57401330c08b8c410a23b1f4b4d63d42a056f

SHA256
60fd46710b7e4aeb565c28bbfec5251d7275b50357c583dfb2c31499c1662221

SHA512
86bbda8e12fc543578d71162ca595de10c5d771ac228adb58b138107f5555252f2fb7f38569cb5d98451ea94600ece7762a4599942b5b9e991c8ea2b20d5917e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
59e44ad2b377a37f11d5b58e1790475a

SHA1
3783d4557957ccd9e02daa50f1da9b07b869ad5f

SHA256
b4e8dc7255c5a01131b2fd89677c97081cca3a0037ab984dcb60e72970b5f7e3

SHA512
cf4173df2a599b7c58071ca58fc96e0f0072d983ed9e0abc6badb604c2c761817b64c571c01b9dba333adcd2bef262e5b1fce538eeb17b7aed947bf6205aa206

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a549a8effb36e0e7991afd073d2b5cde

SHA1
21ba5571c660071ad87df7ca3c7671b3628273d6

SHA256
0195237578caa6e1a664f1448917ef3b4d6b08839cb64a334fc81b599abf0d0d

SHA512
40cf7a6182245022e3b7a23bfa9303544a2a3aa07103ca3ca40af1df0a006ff7686e24679112e65d6046472debe44fd3aae764345063a733ed4cf03774dcbc65

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
332d17526ca13c43e1d97d8351c42a96

SHA1
581827162cf7a05dc4c8296789c9d568a2320698

SHA256
d25e4d5c2bbd29290222e3d529747591e6b3c6fc4effdf78fff8591b4c1b7f4f

SHA512
4b1a8f714d89f1bad8cb82cd23880c50c7e5c7655397789892097b0b5f14eed6f8a65ba24e90a38214b35e3cd5d1992f6f010fc99daaf6ddab243f10bf38a09b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b98f7948dbba263326bbb5928288550d

SHA1
9abc05f8a9ef0c0eeaf57342368bc0a4e8cf2869

SHA256
7bb2eff3d3b04129036a44fb4af733de6bb3184629f06bc615eea0623e667807

SHA512
62b4eadb0c66baf21643ab40a10e5746ca6dbce6e21e7dc0af54e65b9d6388000ff036939595351f98bab96dde3f96cf3463056baa2a0d838ea6006214bf88dc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
727bf222eed613d2c3119a040ac30523

SHA1
f164a14fad71a02caefdd0725d42de998f400004

SHA256
c9df05ec97620af3a2e5a271ff7fc13ac1e31d9334308b71dd1314b8553beb47

SHA512
d5839ff11ad06b2361dc61a0524d0fcdeafbb5b874184ac7af33e728ca7e04096b836d99ee3a0c24509a45cbb2fc1e21db88905e0b4eb0efe2712b408b73e2c1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
37293240f218782197dfc975180f8dfc

SHA1
cf698e0b7a648fa7036d419489a29d97a047671a

SHA256
f45e66ca241dd9d478050634249f761c69db4670918560979996b4af581906cf

SHA512
f48d58817bf7f5eeac3b56b2c51934e7f74b5784a261738848a28c2dcc2dc5a8556afe64efc227465bce0bfa8c492e1b88e0276c27fcd554b97a7029f33fcdaf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
aba89adb478673f8fdd0ca2d599b2f42

SHA1
13037c48c3110c81d1f33380e3a7e60cd42fdabd

SHA256
67fde6a22e46a9227d28de97812417f5d4aa256332ca3baf1714feb19b961bcd

SHA512
d59ae2f30d6b6f032e14fac1f15708c36e62f777687f915d836cd233f8a8bd1961aea2483756a81ccbb5ac8d5182386d7ab66c283a3a88f7e0cd921446071372

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c13371b5d0b3b5dad9f4e9747cac549b

SHA1
a6e44c84896231f535077f953538bfa588120380

SHA256
5941df56cc8916243e88f2deea9622c9311c49c822e54922c5295d4eecff8c28

SHA512
73657881bb9c421d01d61896f7efe30db5b66f5d2f81a4f3a7abfefdd7b5dd0f332710ecc05593074366084e4dab9ae971e9b8f583f9bbad9f06bf748830a86a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5e69a601e858aa9598719e1b91940350

SHA1
2b9f2dff3d6f3cedb4aa7fa1623f67d29cfb92a5

SHA256
4f42930f02cd24cda7503a7542f8177017b9b7f9efd60b7ca8d6af252828ae7b

SHA512
16e0f18ba1ea48f8ae2ab1dc73dc33de05dff41914b2343ae574145acbdc03746986a8853cfa98b2f6f099c9db93975603206c8568d101e169c731571e718ff0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0ebbe30dff918dcd1bff4782dbe1fc4f

SHA1
663f963ea25e9addb1b277ccf8ac5a97fa0aeb65

SHA256
17266dbd1dc71e591b309fc2215921c7d25d6dbbd71bf9f371e7748c08f5829a

SHA512
302516eefd446bbd8e7022fc20210c77556a86a98c928608b1f91e2a243926a66614de29c1be8acd608e0786880a385c85a87709a8e75986fc2bb045c36f0fae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3d10410952f5591d0e4f38352398e0e6

SHA1
82340e5a5717d3a5770151df8d3dd1cae20d0a33

SHA256
0bb52126a4a1266d94edc9ff5ee589d01cfae03839f2167bfeed1ee9205826dc

SHA512
137680bf47b3b1507b27237fd33c5c0e4d9990b5e2840d7ae1fa7e919b2ac2aa8191b658a806625222b11276e57aee8730c949960f45ef396069b98a7ecf9761

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
5221bba1d1088b588f108860675da871

SHA1
20cfe3d90193bdacd13ac580b92c40317a4cadaa

SHA256
6b565f1b73a18688589594976e770382c4021deaa2823791b9f647ab52e6d179

SHA512
f6c4614cbe92640f2b9c4617babc9caf0588df8047802edfddfcf22a741ba8ab51c009eb14c49269e4005fcde3a84a6a3a5ad33748d6461d5281ea5c5cd744bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabD9EB.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarE5B1.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit