0a96d414f808b82678e6b141dc459f5094ea171239a37e5dac121628cb990912

Analysis

max time kernel
131s
max time network
140s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
24/08/2024, 19:44 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bf4807f0511e5d09d85ed67652a50c7b_JaffaCakes118.html
Size

23KB
MD5

bf4807f0511e5d09d85ed67652a50c7b
SHA1

93e63bfcd96c671ea179cc54b70d66c8f5faadf2
SHA256

0a96d414f808b82678e6b141dc459f5094ea171239a37e5dac121628cb990912
SHA512

0aa476e4a45027aee6cd4305120350a0814778c55192a88cc600f2055f2a76ae28c60f617783e11cc8e3a5cddca83fc1d385c89810a6e127cb6f011f69ca22c9
SSDEEP

192:uw7Sb5nY9gnQjxn5Q/jnQieyNnSanQOkEntpNnQTbnhnQtGLnLnQtEqMBSqnYnQ3:R9Q/5GpkFQ

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 31 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430690515"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3A672531-6251-11EF-A1FD-CAD9DE6C860B} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2488	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2488	iexplore.exe
2488	iexplore.exe
2452	IEXPLORE.EXE
2452	IEXPLORE.EXE
2452	IEXPLORE.EXE
2452	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2488 wrote to memory of 2452	2488	iexplore.exe	31
PID 2488 wrote to memory of 2452	2488	iexplore.exe	31
PID 2488 wrote to memory of 2452	2488	iexplore.exe	31
PID 2488 wrote to memory of 2452	2488	iexplore.exe	31

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\bf4807f0511e5d09d85ed67652a50c7b_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2488
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2488 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2452

Network

DNS

cdd.net.ua

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

cdd.net.ua

IN A

Response

cdd.net.ua

IN A

89.184.88.6

89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

799 B
7.9kB
10
13
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

747 B
7.7kB
9
12
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

779 B
7.8kB
9
12
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3
89.184.88.6:80

cdd.net.ua

IEXPLORE.EXE

152 B
3

8.8.8.8:53

cdd.net.ua

dns

IEXPLORE.EXE

56 B
72 B
1
1

DNS Request

cdd.net.ua

DNS Response

89.184.88.6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
66d46f32f18cff4d931d96ff1d2ab88b

SHA1
a311fdcfb47d22f84fd63fb006d010164f6f7e1a

SHA256
1062cdc4378261b737f2363b65fe63516d47889647a8b71f66074341b52f80ec

SHA512
d9d3be8de21ed0289dc38762bd557ad90a8031c1b7d01823a188b0a748a09948cea4190782800799a97ba7b65a401564f0a6681578547d29ffc2169426453799

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2c81b99c6dfb470fa1450e18f52dc9fd

SHA1
cec872817fef311b803b732195f494c17eaf88ec

SHA256
fbce7614b1fd4fb7ec9ae69e6400fd39c6df6f3ea9a807980b66b77ff8cb0a98

SHA512
b0dc40ab8be6e8b7580b546ffb00e5aef90be4b0135cfc548c792abf6a0233064cfc737b20949764d841c7d4302dbdb124e74f5749945ec3a9924dd3b7f35a73

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
de7a40bcb6cf1447f9aca42d3d2cf033

SHA1
4e70cc4e9ab0034c14206612ce6091d50ad11688

SHA256
c5b7e164a0e8f948547c3ce6d2a44d4831eca7c803ce981ec90230d6f8160505

SHA512
0e9fd5d611f092d395d7dafa42fc7c3a6c38c1a739e6de71142d0749d9f04546afce3f1e86b00bfe203d05e89307b157b63c21e32e18f63ad7f70389f994199c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
84d6305f69c04bc76c3c2dcb36b60f71

SHA1
8a696c4046f3d8685230ab6c4f2506adcc903248

SHA256
7252444ce27ce5843fad6e90314ef52e6f56390312c782fd164c2f5609749809

SHA512
cead272d92938a8e26ec82fbaf45ce6365583ea5f853263862dcf9468197ac34061d4f6cca3dda8fc5316826167380482d516f5594ccf073aadbb2b97696a7c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2b5bf11dd749ced4967d15e37de2d0ac

SHA1
fd747b66b4dfe39ffd4538a3fd451e171248f63d

SHA256
da6efd582a4f0b18eeff971a5a3c12d2186f10e889a51815ce2ef8a46422ad01

SHA512
6e32b3277f720f206484b1deb566fe330f52786311b68cbb9863b1bb062bbf55189e3066436c5b604f651b81918f13d68cf770f16610653be036e59ca80b8cbd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
903a85620061b100bc1a3be3c7062701

SHA1
667368cbf5345b4d7b5aae18b6cead88eb3e8902

SHA256
6f9f6532f179b52d7da271d46476c8435751980c21dd31e4d927618bc48f126f

SHA512
d8382c4af047153abf497222357a21017a2dc4fef01632c8a0c79aa1559eb21441c415da9e3fafa88f4dd8405b90d8b8c373953e5cb89f77b57bbb2a7fe99525

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
390688bf92b851f9417d719897dba682

SHA1
cd138f6f08e8e7b0af314e7850c910980671a962

SHA256
105ade3be6555a3a52cff126fd9403ae7bc2e096e11fd2727770635e51d59c27

SHA512
33fa153fa025099d77b13251e5564c8fce7afb7bb2c425aec48617c119b37c74b195929e7169f2bfe4dd1ad81b44a98471e44ff58572dcd9cb5de20eb6916445

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
feaf034ff9bdcba82f393edfc81d6eb6

SHA1
74591ca27996d59394d48c9cf6cebe75450e48cb

SHA256
5ad1753402349bb9d2dabda14f3db2965561135f7199a7f22b1f0e7fe0863248

SHA512
14d72821de1625d1e2b52373989334a759252e7874b55f753366ab6daec3a5ac3ec9781566bada8661e19aa86bd38a03b575512cfffb44eb05ea284acf7ad647

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c773e91d305780c081e40987821ec484

SHA1
4cb7730ee634e8031497bacb909f162a2829624c

SHA256
be817d9b063c9e5a67d1944c0868a90c180f61e8fdf02bcbc2152361ad5526d7

SHA512
637c92b1e0a9c1fa4398c490b89ea0be2e3c848ca9da3b52f04575fd8a752a0a01bba8d20731b622b601dfc635b008dfbd41047fa750b6c6ec0c90bbbf01b867

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1537.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar15B9.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit