f82ada2fc0d8c602f2a405b21886dd4c2f58b20b24cec7fe1ceae830f264fb8b

Analysis

max time kernel
148s
max time network
153s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
06/09/2024, 19:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d04f9b495253aa721791c4cbbf9038eb_JaffaCakes118.html
Size

86KB
MD5

d04f9b495253aa721791c4cbbf9038eb
SHA1

76ed7aebc47800ed0222635d953813a723dc9253
SHA256

f82ada2fc0d8c602f2a405b21886dd4c2f58b20b24cec7fe1ceae830f264fb8b
SHA512

57005b6822b5bb395e768d22fe1b469b458ce88c42107013ada58fe8bb96bd7aa3586c84da5a01c792863376f5373ece330a6478c5231b72cec72ab0b019793f
SSDEEP

768:b8s5R0qHBT4aOGbw/OdHGISJXF845VZQU6UwvTV9XJ/Kda8kY9Z7s3N0uiwhRRke:AuwXw+cQawO

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 30 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{17EFD891-6C87-11EF-92B3-F2BBDB1F0DCB} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "431813164"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1348	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1348	iexplore.exe
1348	iexplore.exe
2812	IEXPLORE.EXE
2812	IEXPLORE.EXE
2812	IEXPLORE.EXE
2812	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1348 wrote to memory of 2812	1348	iexplore.exe	30
PID 1348 wrote to memory of 2812	1348	iexplore.exe	30
PID 1348 wrote to memory of 2812	1348	iexplore.exe	30
PID 1348 wrote to memory of 2812	1348	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\d04f9b495253aa721791c4cbbf9038eb_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1348
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1348 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2812

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
706650257572409933afaf0a7c2ae0f2

SHA1
73a481c4b807c6eeaf67621968f71f632b0341c8

SHA256
6bcdd167a0febc6153497240d8fabe6a22b37901fab89b9fe28abee11b1ddeb1

SHA512
f3ae3c4a364b7dfd78cf2ecb22e167185bf3753e4d7c9749e088862652ff04dc4c9b9a6471922f186583d3c950a4e7bebb6a3af92b5408ab80ce50d690b83490

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
15799bfeae54e9e3d1329f2f23612c75

SHA1
1034f917ff1e12708b36e581cce61160077348ac

SHA256
9ed21071cacb845a14d4be2b4f26bdaaa9b8fcf9c53cb8067fc088482fc676b0

SHA512
119f6f1cbc9e8ed811b907b67305ed4dac8600f929a0d07f87b1f54a48c5911fdda696ec8d141f4bcec0ecf32a7d522575fa9297fb6675a0aab745e6d7e65ba6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a304bdaa074aca6965461558ba4d6dba

SHA1
f717d401322d413ce12635bae0177c0b1e8fe8ae

SHA256
0f838877634a1f5c11c59b99917bc42da51e2ab174cf5734d2c938c399fdb406

SHA512
969a66fe909d11bc4025bfc8106c9b35e289a4366aacf3d9d329a16cfca0fdf369720e3095987b3fdc8adb7f64af50dfa966bb3d543458d8cc502c10a227879a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a6566eb38b9f3086ef5525a16930673b

SHA1
7364a0d660a59fdd2f663207d7208f991ac4b098

SHA256
f18b520d146c31da8198e7a60351296d5cf94ad1372c7ef4c8329759b45031f4

SHA512
abab81675da23b74eb21a86251ba2c4f9b319aaf8991eda5c518a0cb471c95e83ca1ab1800fe5b61f6f990d5c51550ebabebf32e5c6e4b97ac951a120509d3dd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
481ce5860bc51e8fc81ad9fff8d70e35

SHA1
a3dea100b273116e0357e8318e4a80b014af3435

SHA256
e5dbad5423d823eff850f5ed561b6c94165c955a736fde9d87e1832300335861

SHA512
68810158488c81fa9c56ce7487060406b8d5eac35e0adc6940170b6ec57b8820bf2a3854063761616bd651c6a6b2dac4f8a42d088e62e0c85ca01e39e9a4710e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9a34b95ed9c8310115f37533e9ad6d12

SHA1
8727af29f4b8443fb9d390f60310081c89dc1933

SHA256
f4dd117c61a3c4f91cdc80cc934cb6cb5db10324ec678bb0ae9318f0c5ea38bd

SHA512
dbca1d69c8d371c1ffff33941c653dae5e069118f883ee713ba880049ce3e13a0c79282628f72389a665f8ec2d38d97400eb73fdb5ec530edc96c02fc9dcd525

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ba45a4c1c3347d6f8767486277ba2066

SHA1
79e762d7d3eda437ca482ab6eb0ddebbed5f561e

SHA256
fa7f0f7d0fe78243bd99df08f6c84307642ec8203176aefe398a9e8ff9e83275

SHA512
fa2cd527b59e6f535694f512142ce535f1c907eb8160dd0d2c2435b45507148c25b92921762add1b2b0595f68a04f6432e64005b39a6485d35f979a83081626a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fdada8affa489ffd8808afe0ab7351c8

SHA1
e530824def14365477c5a5a049639db61eed8091

SHA256
1023056f5b238fa053d72f77a43eb64b84b86187af5f54819b1c0a4c5233743c

SHA512
18a65e51c27fc5e9601b84ca6803f074cccd1c9420dab1c95de411aae6383d16c952682d86ca67d9a8eb7eefedf2b97805eefc7ceb5b52f21fdf96fd2f0812e0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5dd7f7aabd4d7a1bbd2c042851abc9a9

SHA1
14b66fb10b18158e7315ca8e65ba10400df1ab10

SHA256
062a0c277bf0320b6a2cffdd8f45e7a84457cb7a84b09384d0b01fc4d03aede5

SHA512
b2cefac717ad6db7aee8ac153f05ede2d410f73d9f92024028c312c43e5f219238dd3f4047c13597ca50a7e6dde9a73f779127edf608d6ca7ec02ef7becb26fc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f1eff60997af56ab2206b2bf0dfb025c

SHA1
09857b62e8e8bea0ab62bdfe25a1a7da48aa8b06

SHA256
6ffeed1d2b7ca4914e41aa78f68b0280e201acadaadb94e940046d642f2942c4

SHA512
f87ae935c11464aaad1354c111b3a95bacb63a74b6f0af7c071c09e3acf1dd1e69cf5e294beb7f3555708ce1eededb77923af461c73fef126a99f4e8450b21b6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4a3f9c0f4fda7bbbddf03b9477a94429

SHA1
4f65060f158e29bbf8418ac4835826d428a2bc48

SHA256
b89ac14803304449a1e16e67fa8ec2106bb4ebe3663d231e62495ef6fadfc475

SHA512
04d06da6d59de4ed0aa76c567ed8c9c90d450547e3e09f9373598d29e2652256e34f7973056b64f96ef52755037a7b82f12f6c60682f69f3b16c740c19242348

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
714c65b334d54f0fa6dd3a4d57bc1190

SHA1
96cae4d71dfbeb6218203a983e57a8e563cc2119

SHA256
3c8b6b3354fee076e2083806c58d236fab9be83486f3ac60fe5a54dc5cac8537

SHA512
33cb480605116fbc8fec1d699561d1d01f3a8e9bd42a818a3402b519581e93549743b77985db3ecd9fb627d756bdb507753f061cfac250aff4725ef4e4802160

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d87de81cc4cc923b7e200207b57fa2fc

SHA1
806e8974c986c3cac6186aeb940bb9c4018b3e03

SHA256
bbff98d682d6b506067e551ec2e696e6abaf7780cbe7b8c7296c8da21aac5916

SHA512
61a881312dc668f379da5d014ddd4c0a0969aa8b34344d8118b02f72feec465d1d1e793e3b7834e08ce9080322e9ccfec03f12f65539e52b2f86402981390967

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2abb1ff3de06b00e646dc92d1359ff5b

SHA1
676a4e3ae34477a223f1f9a3f133775adc7f469c

SHA256
1c883490393823b6f56d4aa3735428671b4cbf35282fd45bf54beec39a7bd7b9

SHA512
0de96377fe4bf82e49d542b9b6fd05c4c4ca2286261b6c06e893d21c452419424db020ad8d5687c47306797c75a571c1f7061186fb7762744bd4b2ce9408606a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c28ec8a48c7330495a67903f8c6c2e0d

SHA1
4c339e9b17f837be992368b9e70eddd7e59709f5

SHA256
88822f6d116e662462f8c3f9f0d8b4022c64ca7b87587263628e0805b943d797

SHA512
a3ed8d00fe57148ceff3997980452175a369d33fe6f7c2c2fe938fe4eb0c1cbee296d75a8b8500303d9a2e4455b58b511cf1640b7e03ee1ac2711df786e9e391

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ed98af3e48a233941b107d93f752c42d

SHA1
7d799874f28d701fa8400428ac759c2b43c8d348

SHA256
118bca3b4473dc125a18f701998ea9b0ed0e41810c93f77c063ffd565c86ff5e

SHA512
d45a48561ae78186887e9c49e8ad23c1696e55d459262600d499be58fd157d4b3aad02fb1b2e289981d6e4da031005d1bfd50d5a06686285b23d69d1e2aaed1d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0a900c2793cb4a50b599ef1e58e2b0a0

SHA1
8240bbc3f3eeadbb6298f0350d23d488483f20ed

SHA256
fde2adb92b6322e24fcdfb48b6a4b37651008dbd40cf45a3851a355614410bfb

SHA512
7988bb1290a26fa17f866f67d8e79ee6372c2d56d3db3d83ebff7d6c20d1684be9f4479eaccfdd2f12b41828f82f3fe0a7946769c5071ca00c16af3ecfe2706c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c8c3a19a78dd94a15d2b779fd7e788db

SHA1
f94a90e99d572457d02a54dfc54d1c6e07d7b1ed

SHA256
9ce73440ffeeb0fbaf9d1dbd441be23b94b27e687725ad5c7ef89f28ccae16ba

SHA512
19f4a03ac5b0547d24b481c6c2ff448f63aa36a249572e24f7370decebab80ec00c424ae53d7b4eed672ba01851b24fabcd216c3c7ad572056f7ee3d978f5eeb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8674aad00d0019657fc68d2b841db4c9

SHA1
ab05632e775d764068d1b3676c4044fabe44e4b5

SHA256
28b1b76cafd852d8651f71a3650541e97ca9e851a7b8cde75f950918529754cf

SHA512
4f0b62323d346cd6305f3544dc76b50f12d549afd37d9e107bbc559530db6d8d324c0546c244921adb1a453cd643c9dd732bd12c61b3b4faeba854284b6dcd1b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3529e83ab747c173dfbbfadd6fc0b717

SHA1
0b6a72ef3e08de35b0a9e1cbaa81ec8ab4657e30

SHA256
407e0f264b0387d91a9da351c6f20e4de881e7cbf5af65ec908e0963198997d2

SHA512
05a2d3f9eb980211d11bdf841af94cd98c97f88d66780b2b9ed19cd256436095b9207b80f75f4ec06b287c57602bb94d4992c077988f79450bdb8c83a2e608c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab3D11.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3D13.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit