fde381c53e3a7bec0310419700dbbd304891b0dbf1b519ebd2872848c029ab74

Analysis

max time kernel
139s
max time network
139s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
07/09/2024, 06:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d15766dcf1688f97f549102bf5fb438f_JaffaCakes118.html
Size

56KB
MD5

d15766dcf1688f97f549102bf5fb438f
SHA1

df21e29076334a78f59259f743ec1b54178a03e3
SHA256

fde381c53e3a7bec0310419700dbbd304891b0dbf1b519ebd2872848c029ab74
SHA512

952e182043e3063a6fafb662599752eb311f5a73bf61f1763a20f782931dd62c1d8c45fdf6fb97834122f797a9f07be850e9d6f580c8eca3cb52fc21f5527e36
SSDEEP

1536:wOPmHv7oaLS5PF4NS5z62jmGhL5i6WBhP0:fPmHTjO5PF4NEz62jmGhL5i6WBhP0

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "431854272"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CC054CC1-6CE6-11EF-8B3A-FE6EB537C9A6} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2036	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2036	iexplore.exe
2036	iexplore.exe
1472	IEXPLORE.EXE
1472	IEXPLORE.EXE
1472	IEXPLORE.EXE
1472	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2036 wrote to memory of 1472	2036	iexplore.exe	31
PID 2036 wrote to memory of 1472	2036	iexplore.exe	31
PID 2036 wrote to memory of 1472	2036	iexplore.exe	31
PID 2036 wrote to memory of 1472	2036	iexplore.exe	31

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\d15766dcf1688f97f549102bf5fb438f_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2036
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2036 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1472

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
40b152e68bd06420fbcc319c5f0a87df

SHA1
ac88464c5cc26e3adff83a5b827d2aeea87d5a93

SHA256
1b87fbcbb61e7f95a71b5020568e5d8d153d9bcbd21d1a6234fbb34a4584c665

SHA512
331e2dd7b0ca9faf0577fb137f3f391683dcfaecea586e755ae92fc647b6add88510d338d1e646dfc2ea1ad583a7977b8fd1895709e63c1316e8b3dec1f9bc1d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\DDE8B1B7E253A9758EC380BD648952AF_F968CA97A68F4E6D5C104EC7FE3DFDEA

Filesize
471B

MD5
7e39ff496edfe3dfdb85dcd49da2a777

SHA1
32e828e1df87c0e0626525ea6614cb5cde671069

SHA256
5b443aa82793c5f4ce5ff89a5547b54a2a49d7d7babc473b8f0e6ba224c6d21c

SHA512
38b427b15103458361af67d3c2b4098d65cdb5272e52ead50f6a8dca319b05aa7c8cca2ddbbe10820caf2c55d9f9fe99a62d38fe38e9acbcabef857c74e338c8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
5301f5ee7c6247590c0b3ee5aaa87adb

SHA1
c97ccfb89db7587018374428ef61bd980c275951

SHA256
51eb1d9d2c79d78d789b06387bfe611e3c23f9bde5aae7744cddc07b1f4d1619

SHA512
4a06062dce6cf082d4af4c50997d5dbf7cd9658dd63213b0092e36cf17fd563701b74f779c3b2b0b8ef4f265a25d96e3a971f3425785a8716f7ca864ec7fcaf7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bbdec39c9bb3a92e3b256301b2f4ea57

SHA1
73a1dc0dc539f0bd0de76a8d765061bd8d9aef7d

SHA256
682632745712f7d32200d63327bae387afa817aff3382c6423c2dbf13a31151f

SHA512
0d974ef16fb31d06672aa8b1dc3714ef865cd062ec28d14ab8bd476dc3f689c275d28e589374bf30e46b603b110f898bb3b9e7af4e467c020abab17f4e42693b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9c5c9094b09419508e64f98067329c65

SHA1
54bc3237b0144da61ca432fd925d1795e7587c85

SHA256
b4cf10f456aacaba59fe572000675c6380b0fc812466cd5e8323f860d1026ba5

SHA512
9250ca43e3b28a7ac0cce97da29462eefbeb042fe29b09fb7abfc96ea091ac3a4797de0a8dc7c1174b9329266f3f1e3630437afef1fd01ea1c5f66521a0025f6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f9c86d4fe8c582d2f8d09ecce1f21669

SHA1
8df51bef4962037b735c7f4769be1096dc19b619

SHA256
8f0ff4a30524b491f42e62ef5791b13dbc9338d0a1e16430cb4a9e8392120883

SHA512
540ae43cb32938ba264c3534e6fa5781d633e22555cba414e77468a9062b989044a4c0ed384b8b6852ad2812f15b7822a94c03641cf8032cb1727a55181e7391

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
53991024652244099c70dcb85ab48ccc

SHA1
504fbf7a7c3c2fef88af252a2400019e72dd1189

SHA256
d35017f956193fb6c6446c3e51ccd0b778923c7ca83a9376d2923aea7403bd4b

SHA512
7733892237f7379968bfe4b12831c8a2d46253ff4a5a87a3fe1dfeb3a15866cdf84ba9efb6a3e9ce680436e15e038e26eb95ab21eb0b2c8c94ad88e7476a6d15

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
de7e5e7fae185b6778b2dd13795ac666

SHA1
ebecdc66bcb771fb15ef1858b17c1e16ab401a69

SHA256
56d7942ea5c0b3155bfaabf527a65a4cd4af17d0559efd683c219dc2e3dec0ce

SHA512
dc649994d8c0627b12160e59716f97c92baf9c65ca9f2d0a0c5d6bc4bff557623cef142fff11dc5c2ed2c67a606336daea2c01f82f1f27aa318717a5b7154df7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d26dea2c4288ffb414d0b8eff5c28fda

SHA1
fdb1b743890de023480cc236e3c8c205acd687c0

SHA256
654e73d400d207e36b3a3ee3a41819b03b70e2cc048174f8ad101b42841ad64c

SHA512
daeb85deb432f0ac5a85969d33521e8201da382e5a6ad3dbb8727bc53276ddd5c565722d2f345001b4dd696840fbcbcd64af937bb43043ec1f6574e032889b2b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5eaa7b73f3b23c66f9e75c8726fa0249

SHA1
31f8de809f0101ab8901f7b87e14cc03b2ae5220

SHA256
9a5862f9e8d83b5521e4c407c2a274c1c903137c3260f55ac0ae69bec6b4653a

SHA512
6c70d9fd3d18525d9a5e3c573dbb1dfc6dbb53d4872794fbd802bbef57960e2a4337c23036617363f6905c4d6ae03ffeea85fa5704544d787350766b89b8a743

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
268f7bb52a36088033f0bef3428a24ba

SHA1
e1f9e2b920de9e09a35120c5d51776ead8359683

SHA256
ba53e4d19785441cdd62703c602a1d47f5760112bc1587c3eb7099dd71917308

SHA512
b6b6e08e6f5ce36bb4c53ca186627d33e3e9574b8d80fed4d3069294f77ea06340b2b266add743543ba64a6cdba5ddd7f9256a9ba6ef62f924985f1053425d86

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3bbc80d634605f9164c20c4581c26191

SHA1
e1b8081c71174cecde3521cb63f806fd793be40f

SHA256
79ec8d15097ce8d3dff9a28a18bf2fddd40ce8cc9c083a2687f4514cc36e3150

SHA512
2fb2e5f5a9a3bd09eee7a971a7d1355be69bba85d26159fb1a832f1561ca4fd74fa9da2e69948fd4a09c23ab0d3636debdfdc3e152668fa19d63c7fc6cdc6bd2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f2704fc8bde791e16847a2edc4c148f5

SHA1
f094749a4db862de6a4a122765e8ec4c4e95344f

SHA256
f09b275d848910ae1e43c058ea18ea5d4e36228e7d30a4dbeec9f5cea29b6a41

SHA512
fce8806bc03b6eea117507fc426c2a2e819ccd466fd7b565b437bd6a267d8091b12997da9d198cb754ff317dbeb1996946029df55d22833899b52bc6f7628b96

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\DDE8B1B7E253A9758EC380BD648952AF_F968CA97A68F4E6D5C104EC7FE3DFDEA

Filesize
402B

MD5
db034b7d432c3752cb4a89faea487ebf

SHA1
2df57a637df1c54909771345536842fdb0a45bda

SHA256
69da8873b29adc630fbcb74d4118b933dc6849dd264dd3df71404353f5f87ffe

SHA512
c20212d113617b14dbabe2ae6a1de8397c6d2dc22dcff42eb760779633e687f0f5f98907dee6c64e9f0b17431d7780940de78866697e3512fe854f7f7220476f

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabF0E6.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarF166.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit