906c8af497a4de47cad9bba514584287c8b4a474a8b43c9d11e1a6e357e839da

Analysis

max time kernel
149s
max time network
137s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
29/08/2024, 07:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c86fe9ddad973c7bde41b074ca0a84f5_JaffaCakes118.html
Size

136KB
MD5

c86fe9ddad973c7bde41b074ca0a84f5
SHA1

28d048fa2901221cda729352466568df50993932
SHA256

906c8af497a4de47cad9bba514584287c8b4a474a8b43c9d11e1a6e357e839da
SHA512

566e73ff798fea722d53076822b1a65a5088f9c19751cee045698c27d257cd5ae1adc1da994e0b41c1c6cceee3d7dd9beb3b7fa425c8b2b01caa52549b35495a
SSDEEP

1536:SmBQryLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBTOy9dGL:SFyfkMY+BES09JXAnyrZalI+YQ

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C1EEF8E1-65D8-11EF-A17A-428A07572FD0} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "431078579"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2716	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2716	iexplore.exe
2716	iexplore.exe
2732	IEXPLORE.EXE
2732	IEXPLORE.EXE
2732	IEXPLORE.EXE
2732	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2716 wrote to memory of 2732	2716	iexplore.exe	30
PID 2716 wrote to memory of 2732	2716	iexplore.exe	30
PID 2716 wrote to memory of 2732	2716	iexplore.exe	30
PID 2716 wrote to memory of 2732	2716	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c86fe9ddad973c7bde41b074ca0a84f5_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2716
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2716 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2732

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
7aa3d24bdebeefadec72e2cafec8f143

SHA1
65cdccd1b4c986479a81d9a21861942f1ce9d59a

SHA256
a8df40f3f3ddae4a07b71a4eeab7482e2c2f0a01ac856fea05d2973a94239979

SHA512
37f0779e8ffc5dc7b7f00e3d5fa233d63eb89d87a669127bddde7fa87f2bf84788f47acb6bcdee1043291f48346a9a01381d8ef74b2c954e907ad3953b29d171

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f6fba6af1d5f9cde13789a508c3a7975

SHA1
d23c96cd5d0ba8ed34d2b2c0639746d22484b2fd

SHA256
165ad0aaad5c32f15b1c5f034ffc46d887d987cbf2aae5d8852af72d4273ab67

SHA512
893dd061d991060331ef9aa484761c4060e60292d15e638f0830c3c5f43a8b634aa20489af68cac72be589b4f0bd1d263a4d35abd17ca17f30d6b29e09b230f2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2ea90ab86f8128fc6ce0eb9eabb44fc1

SHA1
0276625f31c0a0743724095f65937a252f938506

SHA256
21ba7b4c9e3808c544d638d2705f86a1167cabdb95bfc6884c05425fdf0e1c42

SHA512
5983b0ff176e7b750fec4cce87c5d28b6b5eef1dde4192a442df6311829313da1021b3a7778ba297a9d4a1c6087284010c992c6868b37e9a1c285626bf72fe02

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b93003f99dd93b501d8d4824520c53ec

SHA1
4a307b0eb3566082d3f983d7c9af4aea981818ac

SHA256
c0b56f123ad98a6139e72d294198c7e500eab285b212405bf3cf0baea55a2c3c

SHA512
90ca0e188fcaa0ca71f0b4d831760a19b7ce0d2b679172b20bae591e5cc574bb398f483f58e420d32b106606ce72e2a9dd862873fbcadfb386c219c0157041dc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
87d87fcc12beea06e13bc552ac5b6b24

SHA1
43dc8bb1cdcaf87557c3331b5239bca76e66ca95

SHA256
e6622ff348fdd55eced3aad7c98f152b00e4f467bf3c99297b3458f7d9487419

SHA512
4969dd18e279e00e3c70ac9513e2a3b64b71c43d569a51b4a322b3366407344616b0ef6f4d0a8c6f1bb345408e9642b8379b6556322fea986125e256b9f1b5ba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fe16e3488e6f01100442b47b233c5903

SHA1
b131bd3b3f91b31396633c6ace7d30dd051e53b9

SHA256
c4164402b4a21b7c20906b812bde095e3b7e9bc70b036ff9e3319c34079a69b4

SHA512
096e5912c8545e12977a2ebc1f098bd8119d626ac7ed0e98ab2d277206e04fb52ae9252318bf6a3639f679cc8a4c076e2b7e90cbae2d7c6841c9d9364fc6e153

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
98c0e1e25e6ac40487b89451b7d46223

SHA1
62d7963a0dd2fce66ad51065dbbac4289d70f6cd

SHA256
95e4d0798361db3f1ca446860ea20e37209fbc5a2e2c75c17fa3a0ca8aae14de

SHA512
f29696d35d1d720314476203471cb35352160ff836609f6550603b711576ca3d78965213d465d457d9c977fc849f9977bff6938ab37d3d6223591765e6c40c62

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b398268e94e6da299a2e67fe294e04c4

SHA1
46855045518e56320fd3fc8f7f6340a6e590054d

SHA256
8b4637b77e5f096cfe786acdf983bc844359a30772cfa745f305edac13d82279

SHA512
4c2a8c2726a49ea5fa3e118455242fb5d01e131866814e907f4e09616ce4408471cccff605e3de947282a395db5897fe5b5f3685618190502d1f702bc08461b2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
530265261468dead721956039f29fe5d

SHA1
7ef5b2286c30487db23727209a392eeeaf299998

SHA256
28290c781df0ef72bbac83d78441aa532a3297ebd4d7d0a3f9437f3077071cf1

SHA512
44f5d5a7ca4a9152b541a51831ce9cc28d07bc424c49e925c424b679982ff0925efe2d8021e8702c4557b9e960ed79d1eed259bf9060127036988de0014f8ff6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a318306817eb0c059864595faa876e0e

SHA1
1f71f6e9b162028b2b06fabd070ae5afe07939ed

SHA256
7ffc4d300619b7c8ca17341c7766987c0c77205351ae3e5b760e4b820e91e267

SHA512
b26abdf740d7c449cc35ec97f46b7646774f2121bd0083bc115638b0b83cdd4d3360e0ee291f08288875db4fb5e85475aa461e3136ffc011a848c98fba9e6fc2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
eba63a1ac776fca87f3bb520c255f7af

SHA1
288c935e8073f6742098abdea087fd6f03746358

SHA256
f5aec190f66a20fdb6f6d805f4b27d34153654dada8b17d36117bf870ea8d1a3

SHA512
a00fbb5d163a5d6fb3c711b7f03f44f616e0558ef74027be7f62d9203ef3197b2836d294ee1eecc06679fd57768a827694f3a737d66e6fe82b43f29364a9e2c3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
8d3dfdea575db65bd07d7e7ab6b524c8

SHA1
cd7f97b4c11ca04f8ca222a9e2e78a8e8678db1d

SHA256
b632ddd02a790b7d93b44ae4c439c5234df0a0a5d08144275ddb2c7cb0cf3e9f

SHA512
6f35457cbabc744a5169f1a5cfcc32123002d9a39687a764dd8a58e9c0908014ade57b6a560a632064e31db618dd689970ae1e27a69611d38f70a68b30cb1108

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab3BBB.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3BBC.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit