c88c32757ebcb1a99cfb60e889f898151aea226abb3443081a40576027cb94be

Analysis

max time kernel
130s
max time network
137s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
25/08/2024, 07:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c03bb4dd6e9676082693fb4b12be9ca8_JaffaCakes118.html
Size

23KB
MD5

c03bb4dd6e9676082693fb4b12be9ca8
SHA1

ca9e40aa5bc57fca3b60dd1fcd2486a2e494c6a4
SHA256

c88c32757ebcb1a99cfb60e889f898151aea226abb3443081a40576027cb94be
SHA512

32fcba3ececc5a0ab265a2088695da7f5dc0fa29d213a9b959c6622324a8532b89d1c7c0497214d6bc927bae6430e7d85cc81e9b2f1bdddccf37a68583a90aed
SSDEEP

384:62lIcEtm4WHGTHIbLf4Orvn6Z8Y/gbBLOXguLZ:5u82glExLZ

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 30 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B3DA84F1-62B2-11EF-B231-72E661693B4A} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430732427"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1344	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1344	iexplore.exe
1344	iexplore.exe
2524	IEXPLORE.EXE
2524	IEXPLORE.EXE
2524	IEXPLORE.EXE
2524	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1344 wrote to memory of 2524	1344	iexplore.exe	29
PID 1344 wrote to memory of 2524	1344	iexplore.exe	29
PID 1344 wrote to memory of 2524	1344	iexplore.exe	29
PID 1344 wrote to memory of 2524	1344	iexplore.exe	29

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c03bb4dd6e9676082693fb4b12be9ca8_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1344
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1344 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2524

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a376b290ab77104302da8f17c3dc02db

SHA1
bda783733e56d1b428fda2b5bb724518d0939fec

SHA256
39f5d8e944a2e2f795f43c4eba4d80996042a818f5a0e744cb1ad142f257b67d

SHA512
25acdb72b8d2033b9b59b5915ae55ca4637cd4563a80a7e1eb7f02fa84d0b2e08058a33d2643e7a1f61a28ddd9cba56dfcefcf182eeea98c76e70aecfc6d52c7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a91c65709d22f60aed4684b19690edc3

SHA1
1572f22a310445d8bbe95845502e626d98d70cc7

SHA256
15df593b6757b8a8a38e1d8f242c59bc843360885fafe59de83386f725bd7786

SHA512
466067e47f90af51c29dd5b89ee7a77be5c2e83c31c4d2f97cbbada4bab5680ca7f5df26f37872d73260a5578b0732536245f4dbf223a86b92e8099cf39e7238

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
86af42d0bcad3f01e5cb140ceb2af066

SHA1
df3accf08c574e877a7088028af122a527eed277

SHA256
3d2a140a5992de32fc09a94d16331f5ca62926efbe6ffe45a45213ee48e0cbb8

SHA512
b0fbebcd63b0fa34e969bbd2c4c878ce6e6d24e3d8968dea6bd6698fcfa79c5ab8d1a782938eb8cc5c066e0015e310bda68a9a74861d647511e96e760b7ac757

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
92de7d45837602cd5bc1ef07dc2ab492

SHA1
af0aae9d5d9a8e3a2296f8ef1f51cba72330b74a

SHA256
83ffe67e207a039df3a7ec3a1319e39b29e8c42364c679b3878c9d071d097012

SHA512
c572b9b0e7a593173ed2e674298bcf226beb7967866566e5ead7223c100723331fa84788723f3f397c28ff5bd0d67da7ca91c0bf3fd0327545dacf6c942d217f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ff94ee8be5374eb908d0730bad5ed148

SHA1
cfb25e6cc4a091ccc8bc34bada523d2237c1842f

SHA256
b39c7fbaf86c38c5c351ef1baff410bfce6cba95a84c97458429fd068b5b95ae

SHA512
0c946209a96c594bccea93f034d2c3ee47bef46b89ecd368928f671998042398d3041be288eaa44a2cd96ccae81f0c35a377472cffd5bb43fa0e1c7846243a56

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e031b066dfaccadc133887d456f0c06f

SHA1
062a37f6393003c4d034ed7c84b71a4dd8477759

SHA256
4ebde937d1bb63d04e723722c0c276f5431a82228845da7e1510c3db6d052f11

SHA512
08a64cd5dbbbae80763f392a7ae2b367b45c47c7a115d884c7e10f283061c3dc1946f729fc5a3429601abcc70abd16d490dff8786920dd6ded82df204bdc59d5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
eaf239ed91fabb76571fcd99378e84f8

SHA1
3e427e8b23b271294b23bb4bc7b6058be8f32f30

SHA256
1b2c40dbee22e6e0139bf5240bdc5161f817e612ba4bb45ce2c79dacccd83f00

SHA512
14a024998984f8479f4d088f76fe45bc357eea3542986327ecbeffccb60c87921cfe273fa9e3afbc8a6c058e59829d083b1d2fbc149ce5f741b8b426a75852e5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8970ac23489dad1b5202681efcdd204d

SHA1
c5caa1d49607a889ae2f9db881758f0f446aaa26

SHA256
cd2316e7162842d6342a4e5b76404eac73c64a737956deef34685446fd5a6245

SHA512
f39f81cd2a315923f15767aa5a34e73af6e159f11dcb812b7766038eb427dbcf8c43bd34b227c3f0adfc48a04f38e19afc85f8d5148f42b7ded3ecc6491eb58c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f56c37d272a2b6e39ff18963f624680f

SHA1
97bb3c33004b083cba0ebdbd41bc04c47265d35f

SHA256
69f03d77311f71bb5b17cab122c6fddf23a508c8d37c8dfbb4d501ec18b457af

SHA512
eb768e35e7e6da27fa16a6953146bf8f986a72aa241d24295d46fbe823e4d18c4907b325e076dfa6fee83cf2f3978e22715d1f650ee4b421475e811b451ca45d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8e3d70b958606cd4ade99cf0d3480f19

SHA1
f77e2b183d45b8ba286c53750a559eecfa7bd98b

SHA256
96dcec1610a87c91126a2337855932c2a8f53adac371e78b91600a5afad3c0d4

SHA512
9b4e36b7391eb62db51e8bcf4012dec840a9e563b73478026cf43d832645d6d510ef46fa032c247a67c5dbcd94beef4be831c5a9f679130f9b1d1e5096fc0efd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9304fdfa07f1e5af1e3da7792a44737c

SHA1
49404d4bc649e8a0538f6a3547af7212645f8ad4

SHA256
74918520a0f14c8e1d432b928e991ade0b927fe50f9faf469e6ea3450ca22086

SHA512
49520fbcdc99e7b4a63b81797368817e45a4878057b76c1becb9e49a8b7b049ee3f0b6be2e18c61a5d9f2569fe7ce63e7856260055eedc2fb54281eef668d29b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7ec8f61f33c2caa315eb164bc4f01b23

SHA1
3c9b4ed657fef23bafab4b5ab62da8f1dc8b860e

SHA256
b7b5f83b36d9c258a1d5a065b85569595503641fffd73464ed8e952461108108

SHA512
d5c9cbda8951a7abc3766cab04053b79452841c042c2d848dbb247d43628d48cb3c994355201d386bcf5d68d98dc0846625ea8f3c7fcddd1059301ceeb284385

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3aec6bc5d828d4fd96bc779b5c36bcdb

SHA1
621a0e22253a87e2bf90ad439724099b6e88ca2e

SHA256
b64ee1c2a3338d7c2adb0f3821522e43008adf4dbd01e3c2bff2f0446a1e4174

SHA512
ae8cbc90dee2368836233abb56fa9e11972c49224dec3e0f59f7f26cf17b1415aaacbc848f5f361ddfc12f87e6669c520facd16cd7d50cd4d7e9aabf49e9b1ec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d0375782fe9a6374f1af71878bb166b9

SHA1
49f99753745e98b4ece45f9e6ee4c52d23ec7051

SHA256
0f9b2a07a271cabdcb606fc0278877fabce59278c3c409d19a0c5e49b1e84bb8

SHA512
a8a235953e5589b99a659f6babe755744b731d71fe13747adb94c570493125da2d561e6751ddf7f7ed927b5438ba2e99b990501f28f7efbaee638716c6c3b9fb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6f3671ad849335a2e8314666e09c81fe

SHA1
15f7864859f099dd0fb291bdc1b82c6b181e15df

SHA256
8a278ab997c9da4ae7d8ee108d5f5b5aaf3442f6389f4e9cb329da38614d5f5a

SHA512
68ae6e1ded5f7e138cb63bdf7524acd42465835e63d5f3fa68f4dfd065f26b8c16cbf63c29d81c8d602930229337608b537e69174c26dd59f0c168e33c0210d4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5a5af9a1aaf202a13a9707f7ffacd387

SHA1
00c2bde0de181cc9df73f2d06f74cc6ffe9e24b6

SHA256
ebe3372722ec98456de790e08d4a5ae6ac80c2cd8619b31294aa58166273dbeb

SHA512
120e414c7a49bf758a28e996f529a292188ba181020e067e8708728dd017d765a11bd0d6b90c0d61a527aa6b5ee9c8ccd9b25f5f6183bf59f6f4d9f800f294bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab121C.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar128C.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit