6a116061f2452d78db9327489dbac9953c2394505abab1fd16f96e74bb1375ca

Analysis

max time kernel
148s
max time network
149s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
24/08/2024, 01:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bdbd9757cf303db124d807c730a7f60a_JaffaCakes118.html
Size

504KB
MD5

bdbd9757cf303db124d807c730a7f60a
SHA1

46b1d3c3d533f87f7f0587964cb4e51d7de08ab0
SHA256

6a116061f2452d78db9327489dbac9953c2394505abab1fd16f96e74bb1375ca
SHA512

be91c03825df1d3b8e02d7ebe41b0118f2f09aebbd7b8cd16e6bb14295fdd574d1944381f9c126aeafa55660d47d71eacfe845c22a3d8bf0d4193f067a6a36fc
SSDEEP

3072:wP+IpBxYUV39zfs49PwVeL5PmPTmBcM2mq81k:wP+IpBxo4tLch

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C9252961-61B7-11EF-B34E-E29800E22076} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430624613"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2880	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2880	iexplore.exe
2880	iexplore.exe
2836	IEXPLORE.EXE
2836	IEXPLORE.EXE
2836	IEXPLORE.EXE
2836	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2880 wrote to memory of 2836	2880	iexplore.exe	30
PID 2880 wrote to memory of 2836	2880	iexplore.exe	30
PID 2880 wrote to memory of 2836	2880	iexplore.exe	30
PID 2880 wrote to memory of 2836	2880	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\bdbd9757cf303db124d807c730a7f60a_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2880
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2880 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2836

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
854B

MD5
e935bc5762068caf3e24a2683b1b8a88

SHA1
82b70eb774c0756837fe8d7acbfeec05ecbf5463

SHA256
a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d

SHA512
bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
8123682d406a28322ade5bfa795b0cc8

SHA1
c0ee62e0c466f5451973799d87181c973f5cf9c3

SHA256
c2296956cfb398a5a2e3a711a6cc07dfce58240e3a9d169a671cf2fd2e802d11

SHA512
20f6302db3071a36a26c0d57c8e9f7f534b5ec55283d4317315283402434f20615e487a8c37d0a9552040aa22d4cb356252d6705dcde3ce97fef962a5f314686

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B3513D73A177A2707D910183759B389B_147AB4536A182B9FCE88E194D59F3B22

Filesize
471B

MD5
af5980f62152bde41ba17b450bf4ea15

SHA1
2a364f2ab350ed65ac5609811c072c6f0ed677dd

SHA256
c670e4c51807b5cb1b0b3b50b732d767d221ff55be3aace256579901788a5df6

SHA512
5e059ddab576a166adfdd280c7adb20e3bd294acfd19ba2af76ba96c51fca54eeb8075946b871b86560cf5e622acc1d63e714bd5c692114c7c12d537beee92a4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
d3eedc495bdb8bc730de1e88926ce553

SHA1
262fa1f6c671a7d3404ebe1d0cb132c7820d9d8b

SHA256
82d27ea54bdf6bddb16f7bd8de243320ec073b2a14eda63ba043ab8abcb30838

SHA512
625aa392fc49ea7fd8106354d200a95db8e8b972b8095068068b918d2538d8d051ebed27fb0f2664f54c9367107f203fca0510ee99eac5646021d2c382f1269e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
11785db361b766963b4795c4bda3b1ba

SHA1
a803bb8138f215be9b65b32f1021e59d6d762196

SHA256
2efce8a62d30e3e5b9faa53d6c9507d85130276f40f82004f9678a3ff2409c78

SHA512
1952cfad998227106f22c6a315489339da09d51b8dad2d227744c8d578f9930d74325987de2d3989e91d487918902c8e825d7819c9378b8aee91a6c102866ed4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6be838568fc141e1bc07aec72b2fb626

SHA1
8fc2aa7592ad353ad1fbc57ee74e75d696e767c8

SHA256
444ad6a0d3a102fac7963ad9445dd945d781efb6cf820b5104f8c3682d70888d

SHA512
7e01163e03a7d0d83231c8e076eb0a9e4e0ac12ddc53141ddb8eab3caa5de639a7eec809faa614b92f637fb4a9444303eb62c3821afd793cfbb76d45b1721655

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3f10b928f7a98184a01f725a03342e0f

SHA1
325df1a2044d10ef089e3830a1c97456854acc92

SHA256
9b84c2337a99c80644732602a26a3e64e96df8e296050f4832803c42b262bf80

SHA512
08fc4b20b13a2b4071c080d250dec8c27bdbfcc086e252b65d4357c4a65a1f7d959aa529c572711444cc6787a06c6d38d82be0b406817e6aac6b2852eed0599e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
97d147d9aa4b0a0299fb4185a09c7b4e

SHA1
cfe4fac9405e16e0eef95695e5a39dbe83c9d6c3

SHA256
c4c13e3ab3ec177ef8aaa3d0eb9f10dcd4758c0ce9b42b57910c97dddf6306d5

SHA512
eb01db6d3a2151000834bd1dfba05cc4020dce965f57d5a5eb9859cd6a1018c490b15a589ed2e56a2a36ad3c011cad7eeba5f2b8b779cb9fef2c14ca4ae0b1e0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
52cdd3c5105af4c7ac67f2467cde2d59

SHA1
07fc7c9fc2274e636384da95ba01f2163ca63508

SHA256
99e2a2bd695b6e17ba2a12fd3384659f4e2b1b7f83c05fc3cda133c269c8ec08

SHA512
3702405c41718ae6af8d4fc3cdb70167e721c99bec362369824f3a18bb8c78f04cd1953a6a8bfc892a953e6695b5a028f05c030de5702a5ba56d8a78c35a7f0f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1260d229799e6f0819a86659d8d185eb

SHA1
c8fc0d98540cdc242ff36059fec8ef7c45e039ce

SHA256
a51435c1cdb5222fddf28f1a9d1479ff6d9a1e9ad90f81c447b5654fb6e3ca19

SHA512
574bddbe93d3717fc97bbab094517a4aa3cedfa182db46c2545ef49316db901b448a8edbf5ec72f0857b2a66b1168f84743b3e04d1ff911dd7b3d5928e88d3f4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4b5018fc27d5bb677dad70b53577de3e

SHA1
5fa549471143d5bb037a5a07998bb5951c284621

SHA256
3f6af5f9fde10afa8e3f8952090cce312ae06751598313835f7b86c58f9b2cf3

SHA512
ea158ccb5e01a126ae1cd0bcca18645e76a0ea2225a26ddbeddc83eed2195c6511b75472cdb14ab70237e537da1faff5e7319437b6a84c21a41b55e7bb65af83

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b1b8c734bcdd8e6255884029fc1e6fc0

SHA1
19d09bd9c0ba8778fca1fc1c40a9088af36103bf

SHA256
21a2df5a5296eb79ffb077199a843c3f93f8d928ebff2586956f6c3999029d2f

SHA512
eb4dae0059e458bed24f59ac933191005a78b9b5026bb128d474fce1e77013ec6da422872a7b53da1bff8d3575ae288686047c5207e67195393d6c9bc6f0524a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
557b0c6b95fd6bca0d9c6af4119b6c1a

SHA1
6d92bfe12620e6ddd12b1a0d9f0356fd3fc6907d

SHA256
02c2c35ba1649ace5b132677db567bf199b883deb12c02affe46d07d507c932a

SHA512
fa56d1faefecda0a5021713329ec09a78185c420f6cb73071fd5e62270105b518a8985f77ac8db9c87ca7bddc5f804ae9ae3ee869ac2b77a9928e19020b87592

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
32f61a975f1ebd081575d7ed803c3603

SHA1
8afc361207a92a85e28d17e249a39b90397bd10b

SHA256
b20ff3c00c334ebc08d8b555bb3254762c3cdf4519b023b44027c0492cd0427f

SHA512
3b40fd2b0da3a0ba2d2d61afbe26706e86a25d5fa413b8b5fe82fd4d2c586fa3caba6086b48e4e7d0d9409b1221bf0ee8ec6ce91402f1e0b35bb252d8aa279dc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
28c49d7f720fe6c1d99c04a4e3c608e3

SHA1
ef300ae397382e15af35a0f34e6f5bb7f11683dd

SHA256
207fe3cb10fa1139a570944c92f69b63dc0bde1e55ed993554ed87985026109d

SHA512
f9bee730d80fe36e31c617d24db725c3bca4ab85a36e87cd4dcdd2ef41b151a1dfd47d9888f7eb21d779c0964f4b197d20060bce3ef1a3ac511462ebb2eaf255

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5f76a5755e31b811e8cb28d38e83e6d8

SHA1
3cb8fe440dcfe11a30edc490f8fe94c01fe6fd77

SHA256
6a31f44d2f8c841137241ef81225445d252826af88185d6b9ac6e3fc01d83e8b

SHA512
11c996be8b93f2d86da0f5de58141bc8dc9900704dbf1708001c8895766c7af469dd6efe43268391e7a32477aa7ff248bef2c912372a80c9f223dec943f71f94

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
321c91f6e6d8c12081865e6731ad2d18

SHA1
911bc21660ee535fde5d9f6a49f7110cfa6cd8b7

SHA256
0534ffba733868570169e88cb05d575b8fef145b179e4733e6482dae746d2551

SHA512
0fc4d740920431b0d5888d893c5f32e9673a8afe789e12e225b8817db4ced2bfbfa0b865f4f22708e58b214930cddcd6b002a93e6bddb1230092c408f6a7325d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
5b9ebfd033d296aa6b7403647d09e506

SHA1
567ff7bfd4418f9bb61f9a450cef0c6bff51db16

SHA256
49a1e9bd450d85a7b24f975c9d816fb4c78a1f2cfa332a27d28e10ea51d70651

SHA512
2747c85998f7a0339dd06a892f4c74787cd704a0a7a2c91316a005e36448dac30c65e4af519315a3037d34c30f0d1bf2b124081390a7538472f29d883aec6249

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NT8UAXPK\cb=gapi[1].js

Filesize
135KB

MD5
cb98a2420cd89f7b7b25807f75543061

SHA1
b9bc2a7430debbe52bce03aa3c7916bedfd12e44

SHA256
bea369fc5bdd5b9b473441583c46b9939232bf1f98c1cedf6bc2241c4f5068d4

SHA512
49ccede4596d1e5640a9c8e8be333f9c18812d58f02b2b15adb54172df1387439e9dc5afc4ccd9d8f0f75f092318bed68d3cd577338e88ef4f9373de8a07c44e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XY2E4O3P\platform_gapi.iframes.style.common[1].js

Filesize
55KB

MD5
aada98a5b22ec7188655c2c17a083c57

SHA1
7c3c2fb8744e7412d8097e28f588788d91b9cd9b

SHA256
f2f09baa213dd3dd95edb5a30c7764e4a44d9a79c0831f90b1ad8ebedec9dab8

SHA512
a780aa3b9e36f61be8240487e75c19a96fe26d54abf9006680a00af9d1d394e81e517f0bbbc13edff3a7190679260ecd56fd5cdd7c2d2f416ab8982c3277b953

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab70AF.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar70C2.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit