d49c222d68ebf9a1a29885bc71985cb91385905e91a15bfe339079898c10659f

Analysis

max time kernel
150s
max time network
156s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
28/08/2024, 21:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c7a64c27720e1c38ceba73ca9dccda78_JaffaCakes118.html
Size

27KB
MD5

c7a64c27720e1c38ceba73ca9dccda78
SHA1

6f2f65ad4f5bf5826d32fdc115ddb87d791b8d2d
SHA256

d49c222d68ebf9a1a29885bc71985cb91385905e91a15bfe339079898c10659f
SHA512

cb4ab47899c2cafe18ebb803bfaa93daea3da53db5315539e934d4892babc2950fbdba58d1584b07197f5d397159f84e0d9e96d0bf69a5492a0eea57070e74c0
SSDEEP

192:uWzzb5nxGnQjxn5Q/1nQieYNndnQOkEnt3LnQTbnBnQgHC6AzBEJWcwqHAHGCYrq:XQ/eBFKMi

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 31 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "431040984"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{390295C1-6581-11EF-A69A-C2666C5B6023} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1644	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1644	iexplore.exe
1644	iexplore.exe
2644	IEXPLORE.EXE
2644	IEXPLORE.EXE
2644	IEXPLORE.EXE
2644	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1644 wrote to memory of 2644	1644	iexplore.exe	30
PID 1644 wrote to memory of 2644	1644	iexplore.exe	30
PID 1644 wrote to memory of 2644	1644	iexplore.exe	30
PID 1644 wrote to memory of 2644	1644	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c7a64c27720e1c38ceba73ca9dccda78_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1644
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1644 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2644

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dde2f378251dce17dc0afdc675f43129

SHA1
9859e43454ed1cbacb4330387e0e41d3024f63d0

SHA256
d0d7a9d197104be21eec6e7507a163d51b129965240ab5b8fb0ae91b1b56bb36

SHA512
40d43a544bbed6818170df367e6c4882e19b7fb715e3af8c313076eebf69de846c8cd73ce53b811d290194b8feeed86e47916ab60b1c7b5873504886681bce98

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7f9172418e00c314851fdc4e5646b7aa

SHA1
093fa4c762dd134c1fba8d42358cc4c20ff751a5

SHA256
caf5344b25b879c93d4abbcd03e681ff13c809fe11a681213bd3ab79c108b2ea

SHA512
a7d7be808efc5f321ae02330ad4a105c812bf2396f56694dfd290437e9ec290129b56078f7eff310623f150fd487f62e616488403ecbf2f903cfb5fdcb56d65c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b741261b7457aa314524d8586e52f164

SHA1
bd50bb5e81d94dde72daf434044f1998040cfc43

SHA256
c8fea6fcdda596a2a40241d6f0a64abca140e373186e2c83548bf60bed9aa43f

SHA512
b88cfc6888cc94e82922a73ed686a96a421781ab0dbf143819e382c55b2e20baab476e05d4f734125636fd9ab19d3fdcf5a5e55303aaf5e548fe99c82f95eb8f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9cbd6f17df31382654f5a93b0b0ef9fd

SHA1
d97dec505a42ab08df880f2c49681e01ef5eb0cc

SHA256
4a85ebf5413d2439b9decd79b1695dd068455586f6eb58109663af20cb7906e4

SHA512
1a3f18599a985a3433252a8c5f6ce6362d1b06a2347cbb3abc70638850decf414eb902a97d857e11c5ba0a6e40a60fcf88b3557fc13d473b4dd61e8dc11405d2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d8a1d264861e2bd005da339975896832

SHA1
99fd5d801b37113f8b86111bca09a84605c10efd

SHA256
fd565ef86919acdf2ee1b6af9620ff5905cf308a8c8c87cb4bc1f34b407d8843

SHA512
192e98648ecefdbdf31b754cc73c56372cc56c4377003c15f63579286c65a3aac87cef4d278468d8194af5bd3283c1a76124b53a62c9675620caa6b8fe2bd3f9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
86f1a720854ddbbe9398a06b226eef7f

SHA1
df108623970163de394329a711b4cd43626c13b0

SHA256
c8036f5a495b15799dfb767f37ee36f37618a0e4766a9381ac2fa7305f167240

SHA512
06a7efd7a6095d631dae48952cf6c01e296ee0174916679edaf998ad3e29791884410bda7349ecf4d8201af5b14be8528f711481e37ecc5f6bab48534def45cd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9c6db1528df3c5648927d8f28957cd86

SHA1
0eafe834f1214bbfa86115d987045304348c1b95

SHA256
44a16365c1c57b43c405e83d48c84dd74ce761badddb649d8e039ba575986238

SHA512
3b0c8c938874326b9cd8cc4a6239db0b22df97aeaa7ed0e2f420764d6249eb2a2f22df663fa70b03d37772996d977fbd7c090b177d9c8daff76cddde6a8908f4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1f6486ece9e426adcb9aa52b29879d99

SHA1
718d474aa8fee1a52e1b319e9eac2312f71158d3

SHA256
117635d65352992bea6b71998b0b8a5421cde0a7d57fee87739e1a7595d4bfdd

SHA512
3ccb155ddd5d6e981f56675a947b9cf504b919f14cc7efdfdd2b6a86a116d29039e1ed8787ba28c17c52fb230f9c9504d471d090b0ccd688ef56d43a140b6a57

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
02d91c3cb722874094caaf1b523713c6

SHA1
d11ec40bd67f73df39e135a1c6888bf506c5c303

SHA256
637417c5be86bf233e46615c12d658e5c50471fbbef1096f579256e251761d2f

SHA512
cb04ecbf57534bd8b81ad5f1f09d2bae2c801f14c8c543f812a5af614c4398010a6c7e3c3279188d47236a5ac066ed34cd3f1a2ace1ab5012693c350c5a0c1ee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9542f41f2fd8b1067b3439c6c0cb3bbb

SHA1
243b428cd87add32f70a49190e33e298675d1115

SHA256
81e5002735aea37491c5e4fc0fdcb6ecd030210c0764171efc31ee5965683f05

SHA512
7f99bd3b6d76729f9c37fb994210ba93f3e805ea245746f550c37aef4c8fdc544b65f5a7243ea6ba60aaf9845e409ae3bdf24d052d5f56673ce3667afad7129b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2837e954b66f62a1b3329c9621162710

SHA1
ad82f4dfb2476789528f8d5d2440717423b6e61c

SHA256
a81c960f68fb048ebd985bf275f9c60975efe6735da793f7118ee135ed46e573

SHA512
628958b73839cfbd4cf92b7a4132a98ef8b6c91442bf74f1b344ee2809ec3b15f5e7df3b247e1033d28bb66e92ba4b30f8d883eb050f396d1281b3c8bcdc06c0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d43ed7b14b01601a48922c61406a3e54

SHA1
38ae96b5aee44d63e7059f2f8b94c441889c5204

SHA256
a26a3479b47de44f0f061b607a96fa2f1bdfd5bc1b699adf193bb407e728bb2e

SHA512
0c6cf8389ff16998ef67296601ee6304d5f3f75b6222d93b0f07737fa62ed8c92665b4cb29a7c451696ba99c0f29842f43bf59cf4c60b24fc23c09b296ef9a7b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab8316.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar8404.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit