debc16edb81cf8fbff2f0b0f7830f7019136046b029593f1f2b33487e5caa45c

Analysis

max time kernel
120s
max time network
148s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
07-09-2024 18:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d297c89063ad067a03d2b618dae77fc4_JaffaCakes118.html
Size

29KB
MD5

d297c89063ad067a03d2b618dae77fc4
SHA1

028766e6a43dcab343762c7fbcabd7e6415c40e7
SHA256

debc16edb81cf8fbff2f0b0f7830f7019136046b029593f1f2b33487e5caa45c
SHA512

e7316e84b36d4457ebfb13a6728b30c1a2330242f70cd3e4f32831f4b655ebce6868f196026918f32cfa2954dc0d01cd1ad03644565bc0cfc643e2fb64a02758
SSDEEP

768:koiFFviiCkrtyUeledbe2emeresexeXepeYene7CM2eVqUrLrYVOm8QACkGO4MCX:kVFJtteleZe2emeresexeXepeYeneV2T

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6E9FAD71-6D48-11EF-8EB4-4E0B11BE40FD} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "431896202"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2156	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2156	iexplore.exe
2156	iexplore.exe
2252	IEXPLORE.EXE
2252	IEXPLORE.EXE
2252	IEXPLORE.EXE
2252	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2156 wrote to memory of 2252	2156	iexplore.exe	30
PID 2156 wrote to memory of 2252	2156	iexplore.exe	30
PID 2156 wrote to memory of 2252	2156	iexplore.exe	30
PID 2156 wrote to memory of 2252	2156	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\d297c89063ad067a03d2b618dae77fc4_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2156
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2156 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2252

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

Filesize
230B

MD5
30e2f4061a3261f7cfceea3e2bac3014

SHA1
45d0c4cca4f4c291565f073931068467fbbccbd4

SHA256
9302a983fc48d26e48d70b2fd1be5eaa58408bcd772c114f1192b7fb95bac17a

SHA512
4349835a63a7aa36d6dfafba935bc8587fda169bb9a9f65981def51c5de2d611971301a8710abce1cce4437c668113a3ec1bb3a7aee39c8167a210d4e823cabe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c7125b7989c10291a0b862b8b2583499

SHA1
8f46ceb56c05e5ca00ba96fd9734c27cc64f59ce

SHA256
2175a948182ab6e44b909b780544b1f52baa010cddda9ed048fa5a7d2ee25807

SHA512
5397bf3f8077e2f9ffa5d2745845758225a61e118ae074052c044103ab5547b2dcc7f41cb53bbb397ee0c64d06678aecb5c47cc733273f9c10f8ae8ab74364f2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0725a580900acae1ef6dc2ee75281b61

SHA1
39d940c58af291dc15225eada0eec489e1c7a64d

SHA256
6efae1a2c8884935a249da98481b3a3fd798fb3520ea9a5df6f9e2fcd487e60a

SHA512
9a5a6082aa6a442a89b2b4a0c2e19b812d936e39ab22d258ffdeee183364082f98e820bd1253c518efe5aef22cbbf679b75d52ba0700bd8a2b671a1ce4b8f43e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3e1575a7705c1e94a2912b09354fe296

SHA1
9e0ccf3e4c94154b90e3c45408fde7f752327852

SHA256
67576a93644f2f95ada599e44b2d9cd9be95c99c007edde73310c32f9227007b

SHA512
c5b1f1b2a118412c5edd7d381b52ec29775c49e2e4b55761745040360bc8090658082e5817e0e0b87cbaa4131fb927984443abcbcebe70852de8b43a0df223aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
12f5861d9081af1654a05cdcea07b93a

SHA1
3b147f147da804146594fa751687fd7bc3a51682

SHA256
5c2ec7e4f055106c72c51e6778294e8f95fe372d2ca435cb12d07a92345506af

SHA512
854212a4bf7caf52ca04a562a017734239a2619205b34186aca6c8ed4e4605028ad8f8efeef476f65ef8548a8330a7eb79e8d63b09112dfb3a2cd4d1827f4375

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ecadf4a7221b3fb2fad7b4ea1a955a2d

SHA1
7a4e0b3feec9ffe68d435cda86f5af5eea6c3f94

SHA256
23c5a405be0c51bb266c3d58a27b9b49ccb84d2cda173af6fcd813313f5bc237

SHA512
e97151c1ce7b01c116d867c294399dcca524f01a322fd0a1f0f55d29fab0b8f69cafece56b90793cf0f92f373d131411e4a15a4fc4bc58a7c39ecb3053a82963

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c12e0d58e5bf94f5a1944be34e202ade

SHA1
ef5ed28115ccb07e74d1a57306b5134ade47bef9

SHA256
10f0c2ab7d1fe269f48a735b9cd058ca3b85ccf15f61ce20ca3facdacddf59b9

SHA512
c6da61f31badfd1f928be150df62b49f9051869f4c72cc9008f6c054453ba02fc59111846e4b87283a76fe80b3e59f76b0ad1671700b835cd74e2af1152be3da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8441f36ead31f2a4284038108084f500

SHA1
b5b33353295e74562b344f4ba48f205498d9b436

SHA256
af144547ea65273ccaa7a883e977c47da9f3d822b2536681aa3d3afea080c50d

SHA512
0bc37de06f8f8d7c40152d75a4aa6b88bf0cd71635ebe2fca9a6edf643a70df823d905b7e911c81e2ede9feffd2a85fb24eb476ff7544362cdeffdb3b6102f53

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
aeac2c3ace3109b3cf434a83b189df3a

SHA1
c19143f4001c0d0f688ef73c13efbf46e3fe723a

SHA256
61b7f32a0bb67a407cbf48b342d85946a141c4bcb08ebe7d2a82d19a06633339

SHA512
a5b0fba796fa48cd2ce33e97869dc5f5fe01edf9101227dc3ece2b5becd8070a77fd22442f0942df44c2cfecbdf8354ec838c885e0cf3b22b0333dc05282217c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2a2a86b47cb36dc712f9ee6d9c2b8cce

SHA1
d9b86f1c333ede85264b94ff856b72114e6d1905

SHA256
089c83fe67a8e7fb7246f034d0c1b0532289d86167c324200afc78f538e93b44

SHA512
20a885e5133ae06d617411827522aea7bd94372c47a6fca6818e3105f0e3400d7abb4b45b22a30472c0b702f926e4f512ac6d805f364118c31d4e72c4658b8d0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1bb5314fa5b7723845c7a01bea6add22

SHA1
ed1ed15450f8df7406895928b6bd2e68738eaf18

SHA256
52952d56911474681da08ca9282434cc4669a13284a0dd3ae2146f464790e7b5

SHA512
7119dd9c6106bbfcc77df101d1a4e225c15dc8bff93257847656f1e85c8af02338e7d83ab719c3ce6307e16e0fa410cd5c6cab49344dca9e6d65cba95ab21479

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4e213dd07c1bb417d2d23d3a936b0034

SHA1
50b99e5398dec4080563351bfa930a341c342a54

SHA256
32bd14ccced86e1cd03986c661ab8747df07ce4e74a89aa2b374e342d66c8b31

SHA512
3501dc9f17b0bdc7f857cb1d9fffcadfaa2ba19bfea2ff96d44373bd6ed44a85e4c48913b412248bf588e5c8bf89e7964eed2ecb0a6c5486c1d3247e915c5795

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a37d2cf28ad91c6b2ae8ce20ecabd45c

SHA1
41a38c15109dfe91cd9faa941be60473820928bc

SHA256
a880356fda131f6c94a1ed9f27bf30281d4e6bac865d51e1e65df34f5e361987

SHA512
1870e2aa176669e3f0959acc3d144960abc1ee84799437bdecc6a0678b597f52a6173d5f35b8b15e71ed044fe2d4100b93e8ad57d9984ec3436f91535cd1d48a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
894bae3340dac1e02043c423c6febd65

SHA1
41fdc04cc8f860f9bb64a1c87438acfbfa4d82d2

SHA256
49e2da173d519f33838c71f3083ec9f1c1a2c1838207d7683ae732ce471b4589

SHA512
f53715a061d9abdb4bddd78e76711e5d8618785c0a08af56805bc35f6b3ea57d39e94fca5c80651629537087d7dc23400584e6efddbe279f57a5b50182566557

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1faea35e57f40bf361701c17ccedbe9b

SHA1
a52ce48f475722ef96ea77ac06e17e5ab3e78e74

SHA256
20521752b10880382663c913c3e651adf569ddd2b1e1f84909bf6ab65a9b18ca

SHA512
285d44f9bade6de21930bc87bf94c2405d1dc88fac05b16b5020dc21b2d78fdcdbdcffe692f2e82506608ce4ace0fe57b6a0fa353856a74b8f18e6cb43039657

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabC36F.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarC383.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit