3dbcb9001fcf96c3a7b789dc0c5ef7ae595f95e8a0921327d37b9eaf6b6ddfa5

Analysis

max time kernel
119s
max time network
135s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
06/09/2024, 19:18

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

d048d8e648b6ecda9e70595cc9476550_JaffaCakes118.html
Size

49KB
MD5

d048d8e648b6ecda9e70595cc9476550
SHA1

edc95d5395076edbfd8feba5651ea062a6a3b97a
SHA256

3dbcb9001fcf96c3a7b789dc0c5ef7ae595f95e8a0921327d37b9eaf6b6ddfa5
SHA512

c7ce2d6ddd182d3f058c13228fd4dc0336bdc0f21b7b0acdf0632876400ac59855f57935c1b58b88291a273d0632944192ab9ca32fbb430f43bac12ef3c708e8
SSDEEP

1536:2aJ0u/WWqljIB/34FXcVV/oeZdMeCz3O3KizpYEy02Wa:2a0u/WWqlZPeCz3O3KizpYEy0za

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 31 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{BE1D97A1-6C84-11EF-9438-E643F72B7232} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "431812161"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1384	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1384	iexplore.exe
1384	iexplore.exe
2132	IEXPLORE.EXE
2132	IEXPLORE.EXE
2132	IEXPLORE.EXE
2132	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1384 wrote to memory of 2132	1384	iexplore.exe	31
PID 1384 wrote to memory of 2132	1384	iexplore.exe	31
PID 1384 wrote to memory of 2132	1384	iexplore.exe	31
PID 1384 wrote to memory of 2132	1384	iexplore.exe	31

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\d048d8e648b6ecda9e70595cc9476550_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1384
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1384 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2132

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751

Filesize
717B

MD5
822467b728b7a66b081c91795373789a

SHA1
d8f2f02e1eef62485a9feffd59ce837511749865

SHA256
af2343382b88335eea72251ad84949e244ff54b6995063e24459a7216e9576b9

SHA512
bacea07d92c32078ca6a0161549b4e18edab745dd44947e5f181d28cc24468e07769d6835816cdfb944fd3d0099bde5e21b48f4966824c5c16c1801712303eb6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25

Filesize
1KB

MD5
c684c125bcbecb5eff4d90a26550c5c3

SHA1
7b904ad415a78b541827368c9c760a3326f619a5

SHA256
e7e80a37c8fcb67920c3cef54589340c0baf1245accd0688664a23565d4f0a2e

SHA512
5d9a5cba3b5e4e1f4bdad757eab0e4c36594a5a3af862af8a76d12bb12cd293d3896d31ae3204ae950028b2ffcaec48a5ac32f02b1e7f820e11182c8770958fa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90

Filesize
979B

MD5
2120db7b97245e396790235dbf17f21f

SHA1
37d19bff7ab45fb290964eb972cd876b5a2e28cc

SHA256
e68621eb60b9de93c163355942461f80a120f2ac8ec73e1a74e5484e32f6ce0d

SHA512
63c0088b98521758d527c9211556a8602613e7623b003050fae054c2fbddc055bb411f8db3801abe82e687ce66ccddc8a02c01892f5c07f2d725d6cbd3844a9d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751

Filesize
192B

MD5
5fcdf40fa57337029401cb767eb01507

SHA1
c579ac22265cbe4faa6dcc399e97b27419d25de0

SHA256
5c74beace3e436f59bb6078d8abc900265813f79d3dffde8bb5f554a4dbf2374

SHA512
4f5156e39bb6688b8beed381417f015067141d9e0b98b9914b3716e20ab2aed76ea8340f1b884b16c7e72de76d9790652851fc49b0a3fafa1064cf7b9b9250a5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
8e73d8e891ac6f5595662ded1270d30d

SHA1
cf087ff2cb41bd3ebf2ff56328c3f5bb4ff1b793

SHA256
2ac5308a4fbfaf7f97487aa5cb3671d1f17236eed1dd9b0a90d439accc55c67d

SHA512
65416acf9b938094c2e809839073b9aab54a6c71fb1a9525c1f89d51e8279b6bd981d617353494cc7bba32a0e944b4c87e797b96eea5630c9be7a4dd720f7175

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c3e2970c365a19c8dfd0815be18c4869

SHA1
da0ef7ebcf91f1ad58dcbb04f01f49915a18aae7

SHA256
84d5fbf6361610420cdaaa6388b53bf3cdad487fd71662064373491074c051d7

SHA512
6f4f31d945335b96ec63b198841af62d7c834e500e985d8f3270a92e9ff07310ea2b32942df723f1f847ad8a43b40111592dd37a841bdb616082b15379b4a268

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fd32c214356479f054f15ad623b8087b

SHA1
94466ac5adf97ec4f7c92da83110ce7230353ccb

SHA256
16ac153a97ba13b172750d5b33ca284f34dcb7b468c2542da1b8c30db2ab548b

SHA512
2e568648e50da7be81c66803faa20617726961d338866a29169fda1178889603832708cf8d5446e6e4e9288da160b4430be23f33063bad73fbf904009d7cad2f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b7be90eeb2aff2f2ecbdf2c04fdcf3fc

SHA1
9962545727a5c91ec92125774a6533bb6337e8d3

SHA256
f4a9a8614d919524314e335ae1178cb6f63d29119d2d7f40e5ee8627b02517df

SHA512
3aa1b272a91ee5782c5ee193cac76f43980fd82c44db35e48952cd4f991bccc46aaa61c0f37b502b9da8b8e9e80d6ee49cd5b92b0f35447416af9d76bedf1e6d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d2ac497c82eb0dcba51828870e36c1eb

SHA1
9867a82fc9dfb646bb7d20c5f25e83886dfb265e

SHA256
3e45a60df9fe7887714fa655433174897cd7ea955156c2ac33649579561cce59

SHA512
1842228120813d5c700abeee0aa57dec7503b7f2e9777490dbcfab8cd3217262d90ad260aa5c75977dd0c78d5e162697d5e92e8822638c39a8a50f456b31572d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25

Filesize
482B

MD5
02697059e434cb3fdae6cdef9b59915a

SHA1
69e8d7d87e5595ccd01a3a06c579e4cc01e09c1c

SHA256
b66f0b165b589ec163fbd5b23172a66709ad77f2745fca22a8d84c965c333a55

SHA512
c4091cb8bd4262eaf35c213d1c2ab6b55c7eeb1baaa88b3ecc8bb4a7022e81b6b315fb7e384b827ad319a37a92821212cea89f5b296e686680ea8507f1acf53f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25

Filesize
482B

MD5
148a0d55fb1d069cced02c6ecef0ef10

SHA1
ce81d6b3f98cde4f90f9f12753f27327464f0fe8

SHA256
a9f181e00bcd141484473258189621c769068d4722e26e6f95a9021ac19c0620

SHA512
16322645a71d7892bf654c01ca831035a599511b4fdfcbb28dec7528d32057ab3ccc7220bb82e3f6526c739bf77aa012d1f22203650c7b96d8d1d0887981e4e6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90

Filesize
480B

MD5
a0dda1301bba3b36f8778f71c9db4e2a

SHA1
9535a86512ba8a1a312377bc9e57aaf7b54f1904

SHA256
2f4dfff2ab3812a6ab4379c868213d90f815f5367937dd29838e5f2dc30406e9

SHA512
44f490dd746ac536af5949012622bd85cd1ae893799be2a9fb034f6cc64248e0255ebeed088edb6b84d99c965c8aadea1cca9fe9ba1767d8f8df4acfeef0c2e5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90

Filesize
480B

MD5
41858408aa206593886dc3ba0f8e15c2

SHA1
b278bfe5de42d8e0db3f93e8095e02f5275adafc

SHA256
145514c540a4cba1d0fbd3db2393063b2ee381c2b4aa8d8288e3ca176744b1c9

SHA512
7189a9fa4d7bf8462ec8a6823639b48d79005c0ec424a6e8e7bc39d718a4ae7a0759396655c1399a168671566da249b8d5ba7607b773f75c202945178c0f12eb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
a8cf8d0e6e2e144f0ebdf46e9f4edacc

SHA1
a0782ab04d355f4dd19597928506dda6059fe68d

SHA256
efd968f7257b238189cb70b8ffa45b444ad743bd402436bd2cc49975b102e5dd

SHA512
984c3ac5bade5c81d98f13ba0b095f989d99a04e56d17801b1d777b28a2a9c550e074058a967b6fc8d98c93c8df8ae898d0ca354847dcd55c067492392e7fd9f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
b802b73a330ec5823748eab5cdf82242

SHA1
e38fc2515d0053491b5a4801389aae9f1fab1667

SHA256
4e62f2eb9be4a2932abdf8e55aee6ee5ce57e11585bea7271e9285f94d566f3f

SHA512
559b36063de94f46affa5e608d56bf501bb682d7c7b0584d2653361439802bb15206f7d334194978439841a5a68b5d393bde97b888f62bb7ac85c9fec6191c58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\40WV1DY9\plyr.min[1].htm

Filesize
162B

MD5
4f8e702cc244ec5d4de32740c0ecbd97

SHA1
3adb1f02d5b6054de0046e367c1d687b6cdf7aff

SHA256
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a

SHA512
21047fea5269fee75a2a187aa09316519e35068cb2f2f76cfaf371e5224445e9d5c98497bd76fb9608d2b73e9dac1a3f5bfadfdc4623c479d53ecf93d81d3c9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabF38A.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarF38C.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit