a0b4a5a9bd4f6e738ef4e59c9bc7d25f828bfa01ce6cf0ed996a4758fa242ff6

Analysis

max time kernel
143s
max time network
154s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
29/08/2024, 06:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c85e34d6a4ff82d75d7cb47211d88fea_JaffaCakes118.html
Size

138KB
MD5

c85e34d6a4ff82d75d7cb47211d88fea
SHA1

7778e95659711152f7fea8107133e57229731c6a
SHA256

a0b4a5a9bd4f6e738ef4e59c9bc7d25f828bfa01ce6cf0ed996a4758fa242ff6
SHA512

cc8c6d7a2656580ffa3ff47e9c940ab2889e373a31ed79afba2732abb036919e7ff5c5275ca2b97922dc0330b6dba012d119aa052e73d53ec4705180c8e71a38
SSDEEP

3072:SD0nwYascN09VebG23bzN+ETbTt5595iugi/RHtBDVQn:SqcN09VebG23bzN+ETbTt5595iug8RHs

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{93421071-65D0-11EF-B137-6E739D7B0BBB} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "431075066"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2444	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2444	iexplore.exe
2444	iexplore.exe
1536	IEXPLORE.EXE
1536	IEXPLORE.EXE
1536	IEXPLORE.EXE
1536	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2444 wrote to memory of 1536	2444	iexplore.exe	28
PID 2444 wrote to memory of 1536	2444	iexplore.exe	28
PID 2444 wrote to memory of 1536	2444	iexplore.exe	28
PID 2444 wrote to memory of 1536	2444	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c85e34d6a4ff82d75d7cb47211d88fea_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2444
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2444 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1536

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
7a6a7bcf584e75a2edc7bf757e19220a

SHA1
bd34438f5b57fbefd161a2f35d99c0675daae934

SHA256
f939220fcdcb7dbdea4e179651fede050c398b67c92d27ecf9ee104ecee8760f

SHA512
3d2a43d8983e20defdfefd5071945606ba123fae2c769e3c06e01c9725e2f95b9ff8059215467a131eb235572087ab1b52a26f51c5d0b775830c8d53caa8e3e7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cf3566860c9b5f7d6445bd6be3311019

SHA1
a72b0d5b944e3792923528d2821b818670368250

SHA256
dd4cd212fe320358309fdec5b697129781835ccbc3a339debb23cb6fddc6bd5d

SHA512
c6da5a364d8e9e52d3cf3ca92d4bf3bbe3805952e37bce425a211faa55d13093b4c14b484f1035c205605acb79daf76491355871b2db939c714530e68e8b8158

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9f2a1cdeee8587f6c9b69b91b9ddf507

SHA1
269797b82eda2e9f6aab2c7d69d11310ca6ab481

SHA256
daeae18d185c39064e856623dfe261e828fff937c3d23c682c28a9401372dd7b

SHA512
50a6ed57d18fe2cb905a05267412c5e055a77ec566c13d0bdfc70805c2725ecb6410d8d2184ca3e4dd8148b94cf55ed796b6e258b1b1631c85a0f711609f3c5a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9823e27bf2014e904112c06ac3ca9fb8

SHA1
e12c811096955b8186cc651b9bc04ea10aaf0ca9

SHA256
6657960f7fa796c91fc2764119dc60a5a3d5e7d9c3a4cc9e21a8b010c6326ef1

SHA512
91c6d4e207f51c0e5ac98272692e2913916752e781f8cb8dec4ba3dab0c4efc0327e70add40a89b257f5cb047ecedabcce31ddb2fbc84f9f81ca52edb517280a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e73a333bc0c2240364cad8dd4a47b62e

SHA1
0a978a77a62dee30e1f0bf1283e6fe0ba021af5e

SHA256
2259b0a3b45e6f02abf7005b57273eed1dd02b8db41d20c8161b6508673a7cc7

SHA512
7860f33ac5eec53bf67566d028c81f14bf93a5fc99ea7e6d3d4bef341e0cccb93e783c3c9082023b245126502092dce9d1762e5a73bed940909902d8934dd687

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6087fb265a800b13d0cc783ac3d38efb

SHA1
2753ba022ebb2eef16129570962fcba5f6e1c48c

SHA256
15793b4960616f751e0565009a5c5e88f58bd7715ab7b12b0293c881dc6bd03c

SHA512
e41b4bb0abd7d963cadb73fd3b096aabfd7beca3cfcbad1055d7ad5d76e2a01d207ec15e14c72f311298518452d5e2ea4af288b3d198e3f55f274755dd5db564

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b68ad36a00bb5bca11ac0ead58c2bf12

SHA1
13bc8c99d1b5a2d17ac15be7d83ee90fbb283090

SHA256
665d618f438d29f66eaa8c106e145acc200071fc3376e40b972c0a648edbe8a3

SHA512
fbfe8ea37ecaaefcb2a73f5c379419c1fed03e4f297e661e25af21f7c908bc6081e0c43c7ab8cf3e3140f58e08e1fec34482926157b1f889c5311f88cbcc1192

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
765b4bcc1f5ab568dee745a79552fe19

SHA1
3837f14368a819489c057ef0419ecdd17cdf04ed

SHA256
4fd2182ad341cec38636e78a3c5d273bbd4b6e6d52a9e759b88ba3600a4d059a

SHA512
c8fd2be0f58def98ca782b655275cf2256485639b6d366bd40b3b09d2b54a5f031dbf530d4dad2bde57aa080646ec776253d1e11c4d84a3e93ce5ab048b309f2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0f32817f50279f8fd0ebf44f272269a3

SHA1
a95e9d4b77b01641a49b77264870c2e8fb2397c2

SHA256
1ab60a764352b36522f51b0dcc3aa41fa83679dce22357c10ce5592cf781617a

SHA512
534d90cb8f64df79c477d7d9a2c3a564c53b193bed7a070e5c92508096da91aff5f88b7cfe2028e115a526586b302b6d3c4db37dcf4939931299edc64a236661

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
713c2aabfbf91d980882d2dad7c66a5d

SHA1
141d90d2358e8e40ae600263a160a2c8eacbc4ee

SHA256
691aaee745499b0a927f4934cdb749f5755f8a51a1cf2ad430407aceec1bb82f

SHA512
f55b34b3730298e90001432005600c8c238b1eee4175ef9530816fc1c13b64d9927fb42673457899fd02abcce1361e136b8957d2630612fa1eb24bcb3579858e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4deeec36ec78e48a5a7e851015ca55f5

SHA1
7a3f8cf1f109af4aecd5156e353dc43bfb496fb6

SHA256
4143f4df20d491d304c1c5e7e18e297ad12a8b4fb3b2a55ffdc0d7756d4fc42b

SHA512
dfe5ad4ec9fae032c31865a708ff499813c725bc6c166b9da80e8819a16dbcdafc7cf96aac6451158a8eeb800dbe25040c48aa4f907932f310735470ed9ecbfa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
783cc87ef72846740afa7cd9c35d43f1

SHA1
7f9a59640c93d2f28890c341479eede2b77b02de

SHA256
4a7d52728efd5b5cccee43ecc4b1f5d4d5bec28e9f5027226dd9beaa4a797d81

SHA512
9f286aa6665f0760f9f30ad57bfdc5c9ba78d62db8a8666dda139e1cfbbe4f69ca1f5a8aee7508bfeaf725afd9534ec69f34c4a67152028de25f7ffb361c1bca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XWMUP5AI\e[1].htm

Filesize
47B

MD5
06b05ae9614bafae9b0b09cfbeed559e

SHA1
9b087683529b7b89a117b2d5cbb35a93e7dcbaca

SHA256
a60692031ce09be66be89784e8b0214c0f8b6f52cd8fd6a36129a635ffe41ad2

SHA512
f97936b6f3dc025fd55cd6a9bb59bfd3a58ca1d03e0fbe68bbb63e8a1875814fa8c367bda3b59029b549a5aef20abb5bfccd01cff1546ead70f6b07123be11da

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab402C.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar402F.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit