0d4dcbf4464860512ac8b071c9e1f734a5f0bfc64155d7e3e5c532af87e131ef

Analysis

max time kernel
149s
max time network
145s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
08/09/2024, 22:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d52dea6c5013ad61759a50ded679eebb_JaffaCakes118.html
Size

98KB
MD5

d52dea6c5013ad61759a50ded679eebb
SHA1

1400dab8447ae4fb5a9b0e4e6b27eada3bc2d026
SHA256

0d4dcbf4464860512ac8b071c9e1f734a5f0bfc64155d7e3e5c532af87e131ef
SHA512

91c470cddcc9ca228291120439d67214fe65f1d94dc8c898172bb2f5521d54ca4eb9295e2968ae507829afff1afa31eb3216a881141bab587723341e46d417bd
SSDEEP

3072:izHwprA5DfN3spu8EzdsiVVGP3tq8IuC6+OrEJAc7XTTK1CZ05R4aE3cKakIRO1q:0wp8q6A

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{84404711-6E2F-11EF-BF50-D686196AC2C0} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "431995469"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000045c0dde48c11474f81d9a2c02be4ea220000000002000000000010660000000100002000000059d4f95cf570c2ae95954aa70d795790de14a6e51f7b80a21dba709735bada92000000000e80000000020000200000001fd07bf20adc6a95391d71a469b65cb28b5a3456d288df99dbee65ab7b66af7620000000f5f39068b3eb094ff352ecd56a668fd5a891e56fc9b504577d6be630b03ed60d400000007b7dc1ccf89b1b73f6ed0843a0de5f2c3639180a86170b07fb383054aa4e6183d90c3154a7ec744dcdbc03624b59360c2c493df8c03b41a2274ef20e174eb35b	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 3016015c3c02db01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000045c0dde48c11474f81d9a2c02be4ea220000000002000000000010660000000100002000000014cb71574a241cc8ad04d97f6745844838963a490c857d1d6bbf336064d20214000000000e80000000020000200000000c2563c651747149c176dd0e236c47ebffac4d824838f3b2f69a3ec9e5e39c4e900000002a05e5e3fb3856bf365e8863ae70962ea16ffd5be7805b81bc9b90cb8f655c08bb563a3cd54181586dcd9389efd5256c70f2245f059cc7b38d8926831d92701988d1f30c4fe5e64876060c4ed656856ff6dc86eb422a6a3d8e28b8e170a4fa36851e5156bd3f7f7cd6860f05c1263cad6b46021fddc545a7dd5985d997db8fae69316cff67ffd27c5a52c3cf1f3e4a28400000006a108dd5b77a049f7b2ff3d97bfc8292bd20534c0d9f609b30e4b702ac8a00a8bc3900e22182f06f6a7b347dfcb57f5eed4ac76c3edda01cf8d5ff2f3b1b4179	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2236	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2236	iexplore.exe
2236	iexplore.exe
3020	IEXPLORE.EXE
3020	IEXPLORE.EXE
3020	IEXPLORE.EXE
3020	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2236 wrote to memory of 3020	2236	iexplore.exe	30
PID 2236 wrote to memory of 3020	2236	iexplore.exe	30
PID 2236 wrote to memory of 3020	2236	iexplore.exe	30
PID 2236 wrote to memory of 3020	2236	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\d52dea6c5013ad61759a50ded679eebb_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2236
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2236 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3020

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\DDE8B1B7E253A9758EC380BD648952AF_5F8ABD199E1CF2EB9B30F8FD50D3DB0D

Filesize
472B

MD5
ba269766b2e838209dfb858760c11b78

SHA1
b526f16fb5dc650eb9e09f8fc324ddc798e5b2a6

SHA256
ef59a592491d5444b6bbccc4fe4ea1fc5aad8df00c4aaa75b1fe29e567f53041

SHA512
c8b295da60049db7c734036e63a0d23d790fd4dcf8e6992524039bad9afbd939c0c1c17c196eed882eac81cf23df2c0f5879da382c4f2ddc7d01b9890e607954

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\DDE8B1B7E253A9758EC380BD648952AF_F968CA97A68F4E6D5C104EC7FE3DFDEA

Filesize
471B

MD5
83e036e23558cb28f9260870a40f8cd4

SHA1
6d4d1ee3232ae15ba9b8b82bfc54866bb3ccd73d

SHA256
a0049ca89063fe23a2c46e2a9cef240238c399ed4cde42c19f8e4729b5130f2f

SHA512
b363bcd1f2c77466760f04b8f488eed97304065f196b32a137c86790996e9b8d0817126b068d09e15a9f22413228a39f398a14375ee8cc421e967f99c1bd2428

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
001aea54d9c0d49832d6acddffc01e5b

SHA1
aca583347602f4529598d2b2ba524cab00bea322

SHA256
7ebca4a167030b2db1e1fe2602de046ca08d8f7a8191c696937d8fd6646a8721

SHA512
62c78395d1d45838f528652522c8920f3e7edbaa0ebed1e57400ff272d280e98efcc801b256a282dc8f7a61bc76f5deacc33daa78a1d9e6d8cf66e040dd8b1b1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dbc89d18192f9719896ff8dc45856aa9

SHA1
56ab36cd58960f1ce1276acaccf2456374a97c0a

SHA256
6d16a0161af50044f8d759cd256e4fc4a405929735595b8d196fd16d9279f80a

SHA512
97796b58e8f61a20b3d5f2ec5750e9b6c04bffd9f45e7c559ffe412238ff46458db1191d5645a3bacc795203516f707de8c2cd3e30c289c5586f959ce838b279

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dd7822569e239f2628a47006a657ea98

SHA1
d49fcc5a1b7cc1ee2d6cfd164a0ffca42e8551f6

SHA256
c4dc2ad6293d6e867010b5acd5649045725f74c47d44f8c532b7f182482ec336

SHA512
a4b8fc3140d158470c8793862d23b7a5e7a168327e7b7b459f3c580cd2af818194760000c97bf6b1a1f479e19a886717032ce3298502417f923016f468f91664

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
11f9270688ad0a7ea3a148dd03fb02bf

SHA1
75ac2005926f3da3bbbe25043b859022f7220a0e

SHA256
64f2cf46838f417f640959e8ccf75084294ec7d3a7510ef4a57b68910042e5a2

SHA512
350106a1fb2eedcd81d7243d16681cc27513d93f47e690eb8034ce1fd7b026acfacee7d5c856388df2a779bf6cd1d04590f2c6c288980f80f7ba3b6819804232

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
159d68a918df252b6a911a0498abea99

SHA1
93743de010e7f3c0a2ec90a837bcf4d3dedeec34

SHA256
c444ddb6505c4a356978739244993a6cec4c173325481de68bb18bd6868a1c42

SHA512
8b29b8cab801dd4118b7ef1e9d82eb6b220002637866c4c5f051c8b31f5b7bdc560fb6e48a0e21be8434075e369dcc2dabd6508e0847ac4d88c794fd431d2269

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ab521c55d2da15594674f1b3f10b97fe

SHA1
9df4b7cc9fe9cde4edd472a1166123f31b8278c7

SHA256
2f15ed6f0b0fe3976fb0b0230ad30e259651e7c0b16f9007f925c369fd78001e

SHA512
5d8e825e0691f91d3f20537d5226bc39da4648d151a91adf052230da1b71532fe2a6e9e4e4b98519a1f2f7333d0b1fe2afe9081fa0a66ec84e2dc25868829016

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
488a93aadd0e9479a9f1f417b7bb96d5

SHA1
8e992093ec4f8f3e5d367df8442b13e9a805c357

SHA256
242ac5027aac466e40fa650c2bfbc50ab301cc9bc489a5843e69bb3ac43a0875

SHA512
6955487706f595242cc788d25cbf6488aeba026e607fcb63e43ee207b0de54aff701c99905ea1139e5836d8f611c97a4fcb8411c616651d881e36904f0e2bf88

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4435545c43ba5f330008bb845ab299f7

SHA1
a0e77c99dab9272e09bb695e960de8645a0f97c1

SHA256
33b4d8c2f230f2785abaa2cbd1685a72d7a28a66d7d61336629814f8d36d0918

SHA512
b3ddfda160cafcba9d542f1f16e25f90d5299525ed08614357f217f7e3002f203d5a3de3264c0e2e141ee49cf581625483e47174d904ddb109bc957488274e5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
056a84824ab78ef6f971f2db908c1b07

SHA1
304f2d375684f0d630757dfec02fdcb4902f3248

SHA256
95c9f614a51783ec8a10cd99654ec9dc3af5739756706286f2d555aedbc625c3

SHA512
eb75444b2e32b31f5e4fad6f48238f0533ceb37a85dd63df3bd684d9aca684ee048904481960abce84c77b2b75af94d8ae410dc33ae1edb1fd5e68205e6f3c08

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\DDE8B1B7E253A9758EC380BD648952AF_5F8ABD199E1CF2EB9B30F8FD50D3DB0D

Filesize
402B

MD5
6388a8e67ce963c9ad68f71124d036f8

SHA1
8f19e2389b1f349c38234d6e77db5fcdaf429eb5

SHA256
18118d9dfde3323bbd1c54d16a43387af704196b785ef3df35c8225ba04bc274

SHA512
a6ab997b05709711689a4ae417446717fdb7a4d2e73f5464561cebc00f80f17f35bce6b7aa1490cda00471bb178f248913e590d4aa94ed5bd1a9e0e78a3e3e5e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\DDE8B1B7E253A9758EC380BD648952AF_5F8ABD199E1CF2EB9B30F8FD50D3DB0D

Filesize
402B

MD5
bb67899ae2d3d58560a0bfa60e649a51

SHA1
d2a7357a325c25ba235f95d0020e166d7c643b58

SHA256
c5a2ecfa8e6d775f977e7811da0138d450e7fc25e6ba11a0c5b37b9440fd2523

SHA512
c6a87ebf1b2a4baf15e311f2844b64a20a10a59720537b5bba9dd2497517090c75f90dcb43115fb3d7c7eb0770c1ff4e7d5053f7df2628f1bc4f013c49fb15b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F91VN88R\plusone[1].js

Filesize
63KB

MD5
65d165a4d38bfc0c83b38d98e488f063

SHA1
1c4ed17c5598a07358f88018a4872aa37ae8bc07

SHA256
b1320e0dda0858c87971f7baa0d53063ad2a429d232fd06b0067bda8b9eeb0ec

SHA512
abf4c755d88193e7e05398b6f934fc561d8e2adbee7d2170af399e145e54a4a8a93988e4af4e28d6240c0bd1bda7035ae97f67a85a471088820baae8d89f3d41

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabF22D.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarF230.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit