9ce5feea92878ec2e3ff35d9e6162cd01b93d3b611eb93345cbcac97f6efddc7

Analysis

max time kernel
131s
max time network
140s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
29/08/2024, 00:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c7e5eebd57bc102ecaca0a8a1b76d1cc_JaffaCakes118.html
Size

22KB
MD5

c7e5eebd57bc102ecaca0a8a1b76d1cc
SHA1

ef5a75a81a606d46044c31b1128f1a0872120a1f
SHA256

9ce5feea92878ec2e3ff35d9e6162cd01b93d3b611eb93345cbcac97f6efddc7
SHA512

9ba2ac7d203999e61e8ac9fd8316c40a9fda4785b124ceafa89cfac9dc6700acb59339e7660109b65c6477ba29dfb425de44d282bc5d75da3c45cae513fd9e79
SSDEEP

192:uwPbb5noTWZnQjxn5Q/enQietNn21ynQOkEntOUnQTbn5nQmSOx/5xHMBNqnYnQr:aQ/A17Zxea0K

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 31 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "431052069"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{06588701-659B-11EF-971E-EA452A02DA21} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2444	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2444	iexplore.exe
2444	iexplore.exe
1188	IEXPLORE.EXE
1188	IEXPLORE.EXE
1188	IEXPLORE.EXE
1188	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2444 wrote to memory of 1188	2444	iexplore.exe	30
PID 2444 wrote to memory of 1188	2444	iexplore.exe	30
PID 2444 wrote to memory of 1188	2444	iexplore.exe	30
PID 2444 wrote to memory of 1188	2444	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c7e5eebd57bc102ecaca0a8a1b76d1cc_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2444
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2444 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1188

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
41a4bbd065fbc1841ba8f20b1a229289

SHA1
74ad61ff4352146c9b7aa2eecbecb5d9afa33a7a

SHA256
40b6b89f2e03da0d4567b1e3adc3db7d2c5f564a0a6f3b061d5e72b7d75ca6c9

SHA512
71ccbd46a23c54b4417b00e27ed90e944735eca15b6e18bb06c123c202123bea3eea51a9ed755993ac9bc4f4161aeb54fcfdfbf168e53840b6ad2940bd7d7e61

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ecf580f98a622e7bca1811fa3f63cc19

SHA1
00c37c1bf6b6ff48f3775bb07b5341245f4c79c6

SHA256
777beeb6090312aca0bc35c8efcdfbbb8fdb72e65404ee1cb19a424e4133edfd

SHA512
6b17dbeec9ef4f9b944f6fc9e2b873939181a5f97779bb10edffafd2293225bd81ba79f834d1ff2119d2711ddbd66d3234cccbc61b76f940f9dff2582f411373

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3b4dfcdab0152deed8b02f749039dd9e

SHA1
b9f90b8a4f976ec8d931213d29cfd6da7af1b372

SHA256
1f098284df7248406b68d6b9cb2f0005f0bb94e2d029bdf25b840c92b85f02fd

SHA512
7804e09389e34f2f6f2a40460ea68cd71c317a24212aeb0e63c611ef659fc401a5b986a129ab7ca511bd635e889c68f817b2029e50610fbe974dd8f2e0a598f9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
be399f9085f386f2536905be7f5e11bc

SHA1
9ed29038814420c61b575219f3575c6105a7e49f

SHA256
56c78f144666405ea954b90ea0c55b06df9ef466b6077d716bb7f8921c6c5aeb

SHA512
20dad00aa391ab9bf50234c08c8817fb36ff40a202aa3bd59e28cd5afa5f377102da6d17187d014e11f00de5f69d75c8519a7b433afdb3b9b28eae1e8d991fcc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ce5966df1e83a9c700e1d1e9be68cb43

SHA1
d0f77962b6f5dcb89daff2cca7bcba382bcff18b

SHA256
df0028964c8cabc9e776148aafcf975279080fee35ffab0b23c8211f568b8d92

SHA512
40bcca15bbf8dc60ed915ac73227dc73bad353b9b8837bd717a2d0a5af86d1541bb4aeef7543fec64c47de660c47ec60871174f55ec09a3184be2a11a3ef743d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
44b099b78c7885916b00e48809ddfa0f

SHA1
00fcb4bbe9c6080e866be973be0340d833f87323

SHA256
d9fe71619e9cf4a42dcedd390b173e52acf39a080e7b09767fce0ac7e9641558

SHA512
3cd872e32fb035c49f26abc15f57b46800f324cd30e98c6e6d2959973b6f4645cf4e976208ea59263252ca0c2ec3fc140a5a786a426bd8e9fc9d22212178c8a9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
00706e190583c9c6659fc2ea6315adc7

SHA1
5e2684374be579f6b3e45f1169b4c4b476719442

SHA256
86d4e7f19b775c401f04173c2b08c1742c2c3af30ae765f0b4cff1ab2aa573c1

SHA512
cd1deb306d55c5a19396a9e642ba2af66828f15534e04555064de8a5a5f89aca3703532a63deb1083878496896c7cd94a8f4b1cf3bc255dc9e81cf695c49533e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f79760385adee8b1f420d90f68b8e5fc

SHA1
f27ee791bfc7f9c20d95d18cdff653d524dee546

SHA256
096206f411b7328259bae4ddf591c120144ffffa41135c5e3aa6325e363b5273

SHA512
429e84a288ebda5faab312103857a4836d01c110688b76d58c44e6bb53fa704555170eb883207f9792eb1cfe415e9ec36d16c5d2b63e4627ec7e51a1abdbcd32

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b77c17b877af18af674bc81cc69e32cc

SHA1
6df891811f74c73861f24fa575898b19d50cdcde

SHA256
ea62aabf499229e28a9b189231ec5aeafa04cf84fe343cceaf4e8ff95696ef23

SHA512
bca8379f7efe36dbecf05df0a550b66ae2b3e5d22cba7535db6c4b46cae840a4e1b19fa006ef7c6e1392e6d9ad6a573f35bb747b6c4a17f084aa3b0d9da403a0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d37b081503c78a466043b8f7e1efe577

SHA1
4d5b18e1cd9b85981818bdbfa038a17596339983

SHA256
de133ed3d5dd7aeba535aa853c30c912a1ec2fd417fb346971a78d23c6c03fcc

SHA512
0ce12b5a1671e46e1f4d87390827c8729218cb447d10f1ffa68c82561d0664efcdef20dd8015d024f7835afaf78c3b338bad189f8f68008a91df9befe548203c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab9FC8.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarA8A3.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit