cafeeb027bbe1ca199b55a76df53b8a6dd359bb0e19c8d0bc393a8b1206a6adc

Analysis

max time kernel
150s
max time network
149s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
25/08/2024, 08:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c0542100bd326832bef2303fbb2571a9_JaffaCakes118.html
Size

85KB
MD5

c0542100bd326832bef2303fbb2571a9
SHA1

89a2822eb1363b7359fce36f2e9257c6c6b83762
SHA256

cafeeb027bbe1ca199b55a76df53b8a6dd359bb0e19c8d0bc393a8b1206a6adc
SHA512

d4f7aef21806f64bab9481a730ee4304239dbac4b74efd16a739e78df9aa613170c58727311570b61bfb0ebc4b6168b863d72c21cdc873b6f2d5f36251664c53
SSDEEP

1536:AK8kEtdoLTCUFkcPI10lTKX0Ckpoyd7CS2NNw7lACkeD3tvDj87:F8kEtdonZFkc5hKX0hoyd7hENwEkvi

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{513912E1-62BB-11EF-B9AB-7EBFE1D0DDB4} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430736081"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2680	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2680	iexplore.exe
2680	iexplore.exe
2412	IEXPLORE.EXE
2412	IEXPLORE.EXE
2412	IEXPLORE.EXE
2412	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2680 wrote to memory of 2412	2680	iexplore.exe	30
PID 2680 wrote to memory of 2412	2680	iexplore.exe	30
PID 2680 wrote to memory of 2412	2680	iexplore.exe	30
PID 2680 wrote to memory of 2412	2680	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c0542100bd326832bef2303fbb2571a9_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2680
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2680 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2412

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
a5e5d25a9c41a399153678acfb6ecdba

SHA1
e66093fc6dd7550d33b717a735f20be7835ba953

SHA256
ec4a25dc2e44302fb8fabacbfa90cf92b50499b462e0be3a829e217c41fada88

SHA512
9740b588a9bb231eb55d1e8cd043f45024947eb8ae9db97087e7c36e6948c8bd3f0c21bbb650dc2a617600a5ee84d0e469867e39d93cc3606e0cab6b2508d711

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
91cd4d94616ebcca0810f87e53b23ead

SHA1
1f8c27adccacc8ed3c756e4a0e70a09c5a070a8e

SHA256
732cbc05082279f2fabd2705f02f0bfb998fce737efbbc1486b9b3985cfbadf3

SHA512
0a822388b065ed7f2a3fd5f825c5a06b2195bbec6031f4447b7a40c2bf9298dcac5cf0e056a32454b44aeb0b72a663e8c0f57e09a282ae90683c43d17ebaf617

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
78bc0e30d63ddf7b873e6209efd93db4

SHA1
5e7cf92d31bda73546a4e5d6fba2311d5449c734

SHA256
66c939b5c1d14b8dcba3746e144d4552999285b3dbf00e9f9e83ecc19c181e0e

SHA512
f845ce17d99b151232b16be4bbe97cf49e10262cecfbaf045093f1f0f647c47770fee779fa66c3a93fb0cb55c1b2a415f83da4bdba9d5d9ae382b8099ce53a7f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
366b155efec7f7bfdb2bdde69144cdb0

SHA1
7ae4d3803f48ece508c90bc22abf7f607125bf0b

SHA256
435295093bd75391c03d33c88799149a0d7c388d842bf401fa8ce146a9458300

SHA512
2acfe79952023a72218f66b2d7b17edaaf4f07ef6a54146d1929f8762cf304a2e9a03a0875ab43ef2de47d6719e7d6368483dd349a921e9ba82a96b4be4c8cfa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c998c0846b9f122e1d291463be01c976

SHA1
08f31f4f77189deba8690ee8717c3e238070bff7

SHA256
1229015ab8c018de22f160be982a8245889a583ad4ef7cf8b7c30aaa9f8be816

SHA512
39bef46651dc91b4eec50aed13f5d5d62fda72c0945fc7e5be392b15b0a562e5f644f0c7f4c5fa1bf6f62b1a4cc7ad9cda59dc5b4ead9a8892ef05eca0639177

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bbdc32d04c86bebeac43a5c17e675668

SHA1
0efc44ece80758216c57e8270257ebfc04de2780

SHA256
32fa73e45172b9d19f1e0ccdec46f5083bf6515a8211f4a482821642db0eeaab

SHA512
f65e89689c373f3899639f7563875d9ba25302b20116cc557b1ab0e1c6862408738c6c4c4c0025ec4f06275301af9936b37e506d57c8aa3dff7645cd69b96c2d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
54261ff35b933f66eadcadabc8c6a570

SHA1
cd96644714d436f795dafa7e4c80df2ef0dd1b58

SHA256
b52d6116736e075c6a037a589f91b1b62d1a3ce168a9b713b48c1fa3b3b0f44c

SHA512
95f3535da3928314568369127de975da1f1372b8f660df9bdc4846dff5f676921bbc8f462bd39d7ed3b10e756f93cc455f0b566c30d5530a82d3a623b9d741ac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ab644d66e11653c84c2dc01878713d2b

SHA1
b98b7b798cce61b093ecbf42f8afdcd0a998212b

SHA256
c7bb58c038cab9be11fba80fc1cbf6d34d84d6bace9f210a2d7bd9102a411205

SHA512
e97db989c44f0d670a721abcdb72459e7c8ca299d4d1f158822d5e087031cbd4cc3a920f63d9e99da946107aad6d25cae9dff51e7bab885de44a5b4ccc66a2f1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c6c88cb84a2fe29b82c97c38d929cf6c

SHA1
fec5aa857409ba9167e62523d7330d33953a67bb

SHA256
df0f74bf88848f81229c8af060e50da867b62de640063ee53d17fdbad4bf929a

SHA512
f8b84da30a81f964cc908577eb7c1620d53d311d874f1847ef68a588ad18174b521802ceef96d0f1b49ce57cc5cc59bea2487a955d3bdfe419ded1436a065e33

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0940827d6f52307e725e4ac8136b19d1

SHA1
98876f20eb412f9d26bb7e647e337c0ddc2ab1a6

SHA256
a7a42d4eb8080318cbf2c300b8829e9c3c1003657753ff8338c270a9f5dc9c87

SHA512
317311ad55e110b988ea8be0deceee563596a18ada32e8b3abf1a18ced74801f53479a1575a57cd9de29c78e949008ea3c010f292b08b37f907f88c8be0fc937

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
1f7c4764c28d6e9bd0f3101e0bd240bd

SHA1
dc25a27e30c1f836db8e7592b1a1facf15693817

SHA256
112bb6c6323567d9913b14b5ecdd20fd099fc1ef97e5cef863116b9ee2317426

SHA512
43912cb9e023f966c0ab6297f7f6a3f1e30a6b5da994b888f7695772c4eb1b055e93d20290d66dfaece683c1b71674ae10d363b1d2a54d2f69241b3f945819a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabB71F.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarB732.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit