5a2484fca83762c09c830406fb539ab1f0a2d6345fb4c7d8440d4bc75f36e36a

Analysis

max time kernel
129s
max time network
135s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
08/09/2024, 00:43

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

d32a6da452e56741d701cfe82e360553_JaffaCakes118.html
Size

37KB
MD5

d32a6da452e56741d701cfe82e360553
SHA1

25027c44f72616c09cca19b5e6edbf991314bf69
SHA256

5a2484fca83762c09c830406fb539ab1f0a2d6345fb4c7d8440d4bc75f36e36a
SHA512

9c525b7cbb677393f7481a9f45730b9313ca8c9ae54d9e02beabcb9cda3263767c04335195f524ee344fa88e6baa727be19c5c29177570aeccdab997bd678975
SSDEEP

384:Wu65KnSo0lNW3gCYKiFEK3ITHJRAI0+3bK01b0baGWfOQs0QKKQFUsSExOF2zMxa:alPqG8Ufx2L

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 30 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "431918074"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{5C8FFD01-6D7B-11EF-AAC7-FE6EB537C9A6} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1908	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1908	iexplore.exe
1908	iexplore.exe
1980	IEXPLORE.EXE
1980	IEXPLORE.EXE
1980	IEXPLORE.EXE
1980	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1908 wrote to memory of 1980	1908	iexplore.exe	30
PID 1908 wrote to memory of 1980	1908	iexplore.exe	30
PID 1908 wrote to memory of 1980	1908	iexplore.exe	30
PID 1908 wrote to memory of 1980	1908	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\d32a6da452e56741d701cfe82e360553_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1908
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1908 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1980

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
411827e209c3011c1bdc8c4b87f185e8

SHA1
68c95c6c5af06abed4de2fb6c748300b22958eb5

SHA256
0b9d64215fe2191a662581053479daea27d89dcb425303c52daebfd629638b41

SHA512
29db32fdbffe504f26ccf8cad0172de225cf34ff5514e18b86f320a4826397731d67fb947145778a122bebea4ff1880fd094e4504ea338db552818459c824a43

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3af93e9b495b4eefd54f143c49ea65f0

SHA1
bac6b85ebf90248ef54b01332ef7f55121c825ab

SHA256
c98ab543e8b93c6b963528ffdd3288278081cae7a42f3498e894113bc7703b2f

SHA512
632e45eea4ac0780e41cad24ae3cb28dc50cd0d1d625991cbf6bada16db9d35c9465304163440b0ded330aee105d668225f9a498dfb2007bc7a58a64af416973

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
66d48cd537c9b4f2eb93723747394f50

SHA1
22216e152f2de979f6d997dcd6aea24d83c9608c

SHA256
8bc123b39f11af9971a958a66abc0f8c5013154459e7b1fb78dfb167690d326e

SHA512
2764e895e4b6387120232b9a38e5d7a19368a7705358c8017f108b57f44cdbb9e5f7226d0f2f2c5f3d09161de86f75f199a58037fec616f949c3bcb2cfb3bee8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ec4ef3bc87693f8bf0c053837a381561

SHA1
d075f167e23a973beb818e15b19ee94f4a22d182

SHA256
615e989c5b8969404b12d17b0f8ea0107bb2be07bc9e87863afc7c8a22cd4fc0

SHA512
5992448d50df2b53e503a137644d509f3c1370ab7b605f02ad3bf50b41855fd0a8eec34ba93a91080a595f2d07bb3d9e315b088042935c9aa02110ef01ed5fef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
87efe0f59f8ead549ef2c795f52d2209

SHA1
3385c8fe9e9b21a4352bf2e4e0bc647c0e00cbed

SHA256
feb30b4e01db8011dac2856f27b6a99207baa49190ee0bbfa4e9e465932004d2

SHA512
76e1ccab92c2657abd07549f47db8c08070ad4f65eaa14f5a8b292317d4bd5afb32801365f31a9c50e14b467741fb3d3f81ca4d5270150a4ea6ebbb6e8446299

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e591f00595067f788fbd2ee25464f2d5

SHA1
5a67b7afb92e47c812c35ef4346819b2afbd935f

SHA256
2649a1ed8a4a9a928fb497f91efdf0b228b7efc10b1bcdfa369375f5894e2ada

SHA512
3393af4dfccbf483b9cccc5618df135c491c2b6d1887c1792524d72dd48e3a52d09f8fdae9def4099d3f6dac3f381c72328614f238031ef85fcf2c7021bb655a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9cff12c3bc28944d763657cad64e8ff4

SHA1
a44e032ac209d4ee946a8cea3fdebe97e7780f43

SHA256
56edaec3cbd43ae3a03dc683559832ba72c35f89c1f029aefa8281067f364acd

SHA512
e2ae23293b4d8cf996aac1fd300099e6cdd0e9585ddb30b91a0b7a2cb4991e3a9160252f01c10963b70811287babbe7a139c7d7a91d7f9a2bcf8d55cad03ec8d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0c328ba4c40f256959fe852cfec5d9fc

SHA1
a48de7d21c4c7aaea49f2d71eb1b4e3782732be4

SHA256
6c7083c25f32f8153b79e44892384541be940fb715fece3dd385d3e8a87931f2

SHA512
52449bf59f51e4905dc254f47300dfa5249b29d6aea3280aa33e0fba8618e9fa42e86991b910feee0229ee785ea0bed329aba54fac52be193804a76315c9aefd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
47b657fa3fffd75ec37f01f6f9a61e03

SHA1
58227ec18b86ac0f1d652a9db5e3e4a1b5d51f24

SHA256
2aad94bfed2466e098217f48207900463509bd60b392bbb00fe32241b4617d0d

SHA512
c9b8c59b14a9ef2e5bc0288314f5cd271f92684c7bd2372e5ad9afc071b32bd7521e8b3abc255df5b11d78b07319dbaac0293478d1fa7f4e37a85a5dca76c961

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5f55eeac2c7889042e62f80d6bbdf4ac

SHA1
6aa5fb6d4707b55a6cc284b103eed20247381cee

SHA256
2fb6c59ebb151543d054f5d7f5d5368f63243621f2d385ca5b395e2a477a8ea1

SHA512
18a576c536b6b7ecd023c2f69109cdfe331dcf005306813a1b36cf555c07432b4d512c32c269f3424414432c7bc043f0c0b809203a473b2ea40dcf3ab43f9d7b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c435f906a13ed9627769f498831f1733

SHA1
9b08d10c0a26bfaa1b524dd9ec636e77665d120f

SHA256
94aed1da6bef783084feae55d19cd4dfd6c7ae9f16c855b95c404cdee6d79c86

SHA512
66a5f3b3f0b625f646cb932452ef745211d2881c14bdc620eb4c2c1365fb5225817f4656a69dc1a671dca4cd0134d713cb52db74f719ca5b824cc97634785bfb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f7fe0d0f29dbb5c6399dd8eaa200701c

SHA1
97d3b35221c2f39a919718ac08c89f2dbde173f6

SHA256
e3fb8899968d9064847af385c416086ce5b601d29194407920a7b96d86fd1e4b

SHA512
220473e4fd78a195265b4c75264047216354a0cbc5dcaf8cbedb45eb3e1af7cd37dfd0ae129c0198447f62785a5320ff302f320d3e65d998b262170f91defeb4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a2e21c3165c2d87370e63c5ca33ed6d8

SHA1
f8e8ab62060d4078c1b5e60c84bc0d6c8fe8efa1

SHA256
0cdbf678d0ac699ddac55149a835ba9322f933bd7a0f7d9874a19ee5553d34db

SHA512
0bffb564c27ff843a0e79edc0379a9bda75d388749468e8cbb08f4863af93d4e170e2b3504fa9387fd756cea46045f8a5aad160c8192ee1349907db3b38740ab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
49f6e3b9b0711d50fa8a4dd30e2a3ac9

SHA1
42a536c56d0e7a859b52477559c9aa791286cb91

SHA256
6e4badf1bf8deca73d2c93eb3643a723844accced7ad2b01f0e54b9f5a9df51d

SHA512
0ee663a1ebcc8279699f6394c9a2bcf7e819ed0bb2c3326e7ea808cbedf8cf3f2e86ce78385cf0b2657a1600d805b54ba55a2bdb0e632131906ec154e9a93aea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4662e98f78faf2b2f3f68f0015eb185e

SHA1
5fc2a2bb839308ded747007dfd3c1848617ea15f

SHA256
24105e7ea25d8e8a44eb92f6f48bdf915195f68f4f0ee3761afe4f682cc7f0eb

SHA512
01a8ccdeb2efdaaa243b30826f883de7c98cbebb064082b0603b8c5fa8945d0fe60c48026876589ab8b465310db78cc88131ad6a0a279650a3c3e1d6cdea1d28

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f7869ed94eac8726b4370770971ff9db

SHA1
3aea7881482d783028ffc0b78c6ad56bdc811bf5

SHA256
2434e8cb570c67080855e7aa4946b55e7a9c3863ba8768e5a2746080974ba53f

SHA512
5b0c9fe8cf8dfc1c657f10aa6296e2a654301912bb84cfaff589592075df39aeb56d4e3882e4fd9693ae529cfce7e230c60ffaf26914f80f657e6727b227fe0b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3fad3d26cdaba177833c1b3eb4bb730a

SHA1
0916af3aed4d407445765c5878a6c0a58b9f3d2c

SHA256
e4dce2a76aa2423f3520929b4004d1dc7871ebc710f03a06089b92f2b23417c9

SHA512
c5465c54b6fbbe4337a30723d88631b5a5adddb54ecf9a316d9d04d3a4628b88584effb0cca73857a8bcd08e2fc3d4573229da61d88499b7d7da4b7195883c06

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
52975a3f192b82b1f9e558105a23ee7a

SHA1
55953180f075f8d48a5de23963eff0af22936ca2

SHA256
b87a68dcec41ff0634cffd1a1c960efb9c1eb92b8dc4b4f5ae776404f1d86bfa

SHA512
c234d24df6fd287481bc7442b563733b2d94c4cafb053b27f54334a6dd775dcd28c9be51782815fad75691dcc389c4c02cda9043141e3f4fa7297effb9901f55

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7f4d0b4555ac236a7c6b062e00bbb04f

SHA1
52bdc5f1d6b7ba022a3bdf983edc1e42a1752971

SHA256
6410ef62dcab36035d7661b6102b98d21440e5e03d068dff390ba94f8d730c3a

SHA512
83ed803c6b192d63b60fc249f0e11cf6b60582e90e53c796f8f40a778003022e768e6138cd629aa7a838072876c2f746e1d71e964d40341584300478dce0b1ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabB157.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarB158.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit