c7ec03137b48f805fded06b4ee9deb97c2b00fded50d2799d587a6f50d70786b

Analysis

max time kernel
137s
max time network
140s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
07/09/2024, 14:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d2206a184b762499daa0d674262496c2_JaffaCakes118.html
Size

132KB
MD5

d2206a184b762499daa0d674262496c2
SHA1

3af0f7c6a192f1d682d5f2d1fb2b071b0003e088
SHA256

c7ec03137b48f805fded06b4ee9deb97c2b00fded50d2799d587a6f50d70786b
SHA512

35b127742511d089be5109e55a727b088418c12fa3bbaaab877c18013d02d95eb48d46b7a7bdea6ec682307dc602174c22b3c46e201a74616e51b582c56364e4
SSDEEP

3072:G9IOpiiN1iWhTzyAgJLJxD7csUFETC7R+BcmlFVLU1N00ro71Yc6D7ojznHE:UTRgJLJxD7csUFETC7R+BcmlFVLU1N0K

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "431880438"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B9F4E4E1-6D23-11EF-8C8A-62CAC36041A9} = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3064	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
3064	iexplore.exe
3064	iexplore.exe
2636	IEXPLORE.EXE
2636	IEXPLORE.EXE
2636	IEXPLORE.EXE
2636	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3064 wrote to memory of 2636	3064	iexplore.exe	30
PID 3064 wrote to memory of 2636	3064	iexplore.exe	30
PID 3064 wrote to memory of 2636	3064	iexplore.exe	30
PID 3064 wrote to memory of 2636	3064	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\d2206a184b762499daa0d674262496c2_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3064
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3064 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2636

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
de42e04ea0de4aad96b26659f961fea1

SHA1
e2b7a7ff8d0bd72c9586e1d797f6f6dcaf9f451e

SHA256
2785457d650b6eb96267ef4cbdda8a01e209e2e0bd068d26cc67e41a5c0f6fe6

SHA512
2f1be8e1e72eb8ada57718160a5ef2a2a3cd0eded5cf4e50a1aae7d0bd35cb4326c1f71eb8751469b47d160b6970a88d01e45cad514a512a312e3cb5ebf5a896

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f3e775381f84dacf426c9ffba6b361f4

SHA1
264fa44494ecc56df26bc92d15b446049b9c6cd9

SHA256
8601b766a20c9c0759c6ee97f1299c3ec53d97986506391dff9689c175e14b7c

SHA512
b8e4a3be8dce7bcd72c0a59f8e2e5fa06c22a120b2ef1b7c8a91519ba1b0c6abc33bc7842dacbcf62e4a5c7120d02b4fa0ba7404cb6ffc604746bd5cb6fccf70

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2eef257f784494d7ec5060b0e7cc2967

SHA1
11a0ffff9432f131f7298cb095ed4af1b571c391

SHA256
f75db7387a4232c22e2137f32b5a946a87c284882d6c83be38389155edeead6f

SHA512
2ccd976762ab1e12dd26f263b81ec2fabe69b72d170569880800b8514be1a2f8811be646f5fa0ef12f3412fe44bdaaeb570665730787d8ae40e9a8d682f98d0d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d390963aa3d303f0cb4e12bed76baedc

SHA1
3f64936f189a1184be7a07a2ca24fde5b828f2f8

SHA256
22828c439a654a1b9e9799498fda9ad37fd4ec2de53f8d7c8fecba72c07ee2c4

SHA512
ce85ece2a82b9a3863d2c4fc0e5d387cff690867a7718cac40ae68e6f335ce77db78143369ae5031e06a782edd39f5c879cc2e1094d214bc7659e26e610ddc28

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5fddfff16623d6f4492b1fac49fac868

SHA1
08b96405a7a0bcc2b022f9d1c6e41e67bffb9c2c

SHA256
ca7bc10d14aca02d944916a618e06717ab11de4fb7fac5b276fb6e026d4b6f0a

SHA512
e0bf20a5f959e8a75511e69af4c26e198740e27c34d7bd1166c730725675344cbfa50a2f7a84c47aafdfd9b1639fa93b9aa8a800c443100836bc131e5672c0fc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c236d48f6b13e3d4f9d8626e24539606

SHA1
075346d6101551ba419192e50c2e4ebb6e9fcc5d

SHA256
bb2c6ffb252966096a490d96981acb05e4b7df2817ecea12777ebd73bd8dd5ec

SHA512
092d4adf1fc16ce3700adcb250384f66c51afa978ffdc87c67c183df58766c424d9906cd174d1c5bcb9ac882065c031303172def951699ffd48c2d224555ee82

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d66ee5fb125be9e85d7f1d249f24c144

SHA1
ccb40450d6ec940b293662d292d8e7592ff2e588

SHA256
88179ed1700e727862019e1a4b184410889f1d52500002bfa9717b0df28cb079

SHA512
122f01779e7e2c07e1d2c45662409855e20c084010da49bf29e9a9ff715447535a75cbd676801773940c3aa21493d0ad7a19ea33948ce49b1e3a6222eb9f64a3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8e0ded07ee46f944d7370b64c6741a6a

SHA1
f893747180b89cf8990bc80bbd6dcd9994fdbadd

SHA256
1f68cf8cfdf16f9f84df6b1e3f7a0e0000bec6080469803a968211644b4b138a

SHA512
c400174087a1ae97b71e52e9bca81440c8467f2582f8f7cdec71e6f1dcb152582804e28355155dbff41cd3f79571400a982ca7ea4610f46da006c976c2c2a494

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
21c2f14b878e3697812917d00c8b3cfa

SHA1
acea842f753439086e611a208784e0e320fa693e

SHA256
344fbd9da7a3412fcee36b66d784b50ed5951f6e9f18d843b6029189afe6fe53

SHA512
08ab0480f1810b905c8caffcc92b95033c33a33ccd830926a0a3a890be26e8cc4afdaa24f6a0971d78503276b7ee9f4cfd31531c4ac2f87af94a761fd5bd416e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c42ac6dde39f7f370ffdf2f4b086d626

SHA1
dd79c6bdf7bda36a108a32b7bd88b1ed3684b86d

SHA256
f096fd1c795bc12b65e240416de7d1484a9c953a3e097cae74e9e35e0fd2768b

SHA512
7f9ab83ceacc8c5427a2c4637ed51748d7bad80935266bc031fa97f70fb5862916ffb046a8125e53284296eea88401e314eae46baaffbe972e86217b916c3443

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cc8900bb2999ad22199558f812708897

SHA1
294b75a30ffed2174995ffa77f37626d363402d9

SHA256
ebe94e3af938c17e560fb550602804da1df7961732a55b2e1ad724f8ef389746

SHA512
05d5ba2d2f5849670ca2ec3169ed518f2736a01bc8117d013ac26ecad937c30b957c1d48cc71bf2d839a4b0d119d3fc2ed3cc09035e8e25e5b1b02a14d0bd486

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
58f118c47fd0d7e9b9f8b52e5509d7df

SHA1
510c17d5d459d0617bbbd8eb8b58bd505a2eb806

SHA256
1d8bbe0090b285acf5bdedae1a63310b0d4c5aa12aa5d56d117b0b4d772a8cd2

SHA512
8818dcbbca1cf2c6f3d5b216efb30d30c2c73988f37516620b2e6ec8bbf05cc5ff9b0ce089959ff3c1ff97cfb35bf5938f9e282323e4f318c60bb2f0ee740976

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1324.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar13E5.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit