e0ff3906274d08740c1b2ea22cb3e345cee1cc9e4e69ad20dc00562ccf237cd9

Analysis

max time kernel
121s
max time network
128s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
07-09-2024 21:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d2d9f2bc091c8302be98fde2baeed9d8_JaffaCakes118.html
Size

102KB
MD5

d2d9f2bc091c8302be98fde2baeed9d8
SHA1

7c6a0c40d68fdf5dea10251173f4de482580f360
SHA256

e0ff3906274d08740c1b2ea22cb3e345cee1cc9e4e69ad20dc00562ccf237cd9
SHA512

1b0a2716522f1902bfae3679104e931cc0e11af3670944d007e3d832dadbc647b03e68aaf307e712397febcafc53cab12de9ed218a5932a46981b22a23ecb5c2
SSDEEP

1536:2p4637uJno2mFttt6Jw/WlNOVjA3mEPlqfMFo:mnLu1o2mFZ6JwC4VjA3cMFo

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4D527E21-6D5E-11EF-AF60-7ED3796B1EC0} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "431905595"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2344	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2344	iexplore.exe
2344	iexplore.exe
2704	IEXPLORE.EXE
2704	IEXPLORE.EXE
2704	IEXPLORE.EXE
2704	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2344 wrote to memory of 2704	2344	iexplore.exe	30
PID 2344 wrote to memory of 2704	2344	iexplore.exe	30
PID 2344 wrote to memory of 2704	2344	iexplore.exe	30
PID 2344 wrote to memory of 2704	2344	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\d2d9f2bc091c8302be98fde2baeed9d8_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2344
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2344 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2704

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
854B

MD5
e935bc5762068caf3e24a2683b1b8a88

SHA1
82b70eb774c0756837fe8d7acbfeec05ecbf5463

SHA256
a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d

SHA512
bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
1e0c01e4e93d52ef16f3b669214b04a4

SHA1
d33a94ee7a36cd526a804016104a660d86044627

SHA256
46c9c707b6b946d2ecb0d581784dea6f73c1a8af5d7984c6d42ccc19e59e135c

SHA512
0f9e27b78900a45499fc97d1cfb8e846f9b04fccc062f34d0add23ee56d88a0e485602c8cc31fdba792b4c5e973398b3ee276b234d64149a0df06845ba7b74cb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
170B

MD5
a154ced64f60101526f6054ab846f8c4

SHA1
f542b010a9de52e33384a2afbaf4023be990e65b

SHA256
74a6f7eb821e52c16d0929c954cd0b54ac17c1d94a09fe34143d364345c27853

SHA512
34cdd12b8430c46e2a7106617eca71566138ebb3463fb65a0c40579ad69a9a5cb682b6b92c20f4290e388803042d81d9373efde64ce1c691ce3130ae5d441a8a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
170B

MD5
2454442893ec1f5d7f4688f6e07bb447

SHA1
8d2b0b0f7e7ff42e06da196ccf2ca67e1cd343bb

SHA256
6fba64db98a9e6fb20b8191984f878be5110062936186d0fe72bde9544fcaaa9

SHA512
4f57a951fdc0508fbe6b6475d38f23e00b64d2bcf06a3c465d05d1ed9262bb8d605274c8972b89268f874b27330c32d6db7f5b916723dddbc7a7561a2b6949b4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
9356173ed5946c610f4df29b9bfb972e

SHA1
fe8c58f48c4c0e2bea49f49f1f5899a87f095efe

SHA256
f9ce76cf8d55e5005ca8d580d6644746b22df1260ccf12e3bdad6ffb0d0011b0

SHA512
99a2547da1af4e9bd34ff97080c61c5312c3868839e4dfd868044bcb0a1f0368cc63f9bb5e80d26a09e47555997bcb465e6f2bdb88452483fe566a6d61faca0f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c04f2f229acb283cb6190e4edeca36a2

SHA1
4e1802a5b7fc2b5b51fd867ae0df928a78922231

SHA256
166ba7fa35bc9dce8563fd2f06e348bd610bec46fd73cee313eb9d9a89cf64fe

SHA512
e760108a4aa7f1142ec5f37dd707268e0b2e53226dae69deb42f1b916176196fc6051f65059dcf2b259d3eb67e7da3fba9f61bc2aa84c817c1e7a93a8c184eb2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2ce3d99e028bc1c25624dc9dedbf0555

SHA1
c2e00b335ca70c747efc527b22cc003d219b4a41

SHA256
2b978587a43441e4bec4a3631e37d7e8aa61e1934c3817a4698f24a78a722a76

SHA512
47e92a3549cf9ef71d4985ec64e6db8996e295809678a612a82abb4b0152bd6d7f4920d2f8434095359dc15a36ad40cd91618a271f4cbc7b39a05dd362f3b7a7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0a7bed405711046ca10205f3d3ab1d5c

SHA1
ecd2b66fd1d70a5afebe77e9a7586942643fefda

SHA256
6c192e3ab7a900c664b947b75987d7242fbb6863305decd2071b566c2bd529da

SHA512
5cfca6f89deafb1ff876a1b60fd460f6647e3e7c4542f5a4e34869b50ab3dcd13cbdbdb69b9946ec7eaf0a8664714499623019c2555a7a90633907214fd749b9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
96cd3d923c29397e0bb625a7634cb717

SHA1
a18889438175a48ecab0928a724162655fcd088a

SHA256
65d3eb0ce2a002a9c9ec25c804ebeef91cd858a7ee3ef8463a987b6c602c9620

SHA512
82f71831e19ca418292003cda0e9892d0f07ee7c4f3af14b2cdfec991ff9f4f810aa41730a4294e94710f292c201de9e49c89702bc33444fb4bb0ab37d6bdd56

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a28f2c27b3b050449828d19bdc1bb382

SHA1
ccad16def377cb9dbe59b81f9b6e44c1e1b40d94

SHA256
e76f76b2583288ca93c8c21deab67ace7f191d3d0d6df520ab431ddaecef3a64

SHA512
2f8cf9d527bf27fc9af65ea3652b4ef8bbd8e7d1b9e257838cdc0f29e61063743df86e88df600370643912227082be217798112e94991783b8baf8becc600521

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f5de4b3d7bd1233408cb7d8b6e7559f8

SHA1
05992aeecc5c002a3f4ddd81f06e14e854fefb31

SHA256
0bad591b07927565a126b9a41ab4bc7bedb01963ec5b34aaad81a29a911663c6

SHA512
d326c1a75295cd019d2fd0939f2c6cba2eb709e3966b2f8e4cb67010e662f26f4662ae8f5a7aa9bb232de55b3556148b9edfe169f863db7a77039daa9d5e6729

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0061e9cbbd05f5a94ec134c47631d936

SHA1
e8c41e0282566ccc24622f91949bb3077f051eb4

SHA256
f1a77985f6dcac839379d44474908a3516dfe913724de3274e0f41be1eb978b0

SHA512
11586b1520031782c7c7d6ea5d11a07a9145cd3f70eaf98133617e133e526e613d362de7c035326d10a32a90a2442b4de07f16c14c176bb1513d504d24af83fd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f60a5f258a7ce866e5c6bd559088a4b9

SHA1
e636b6ae0eff8a4434e7dbe1501c44deed9c6a47

SHA256
26c90f4aa68ace57c3d43172cfef1d4bda10f0121228edac1e0634b93ce5d72a

SHA512
bfbcdb6137676b0e3cc57fc5fae360265a16853d5193d5965da908bdc58d3a8117fc320c4616d2ca504a59d9cafe544975c8fe20838fb258bdfb2ea2f5f2c6a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7acc005e3fd10ee20e1b701c9a723ac0

SHA1
d1f1948a045f977154fecb7b24e14c3d54586b8e

SHA256
cd9eb790c9ffbc8ae0a2d54dfa66ab4df69293726335ace9935c83302d178bf5

SHA512
2f7a6179447f36216b8824728bb2ece3924f15bad7e3ed44424a76cc38a46f71266bca81b7032821ae92823f880b02695a338a45c469f2e9d0613311806d8b27

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4e636dddef67e9aca2be851910074490

SHA1
29ffe4c9f9c6f40221cdaa20b6caa403dbb01550

SHA256
f2833528eae695ffbc258d30fa79d5205e98201e51e05f94010b9ff315048c2f

SHA512
fe125fb3334eb40edcf0f30eb91d15d41cab539505b19b15de3c0a2be369c75b59765885c4d470c9d734bcba6d7137fdbaf5abf8375e0c72be480c9ead589a71

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabEB.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarEE.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit