e8651ec1032029ae5361ed7644737bb80f72ef0b8eb4bc105ced93598af40ac6

Analysis

max time kernel
144s
max time network
153s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
08/09/2024, 01:51

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

d3451dcc8a7aa0379b859d5cce8a0445_JaffaCakes118.html
Size

64KB
MD5

d3451dcc8a7aa0379b859d5cce8a0445
SHA1

9745557dd67e3141f5a484828c3eb1f62b942870
SHA256

e8651ec1032029ae5361ed7644737bb80f72ef0b8eb4bc105ced93598af40ac6
SHA512

08edac9b86140bc8ddfd5c122a9eff2deefabcc6654ff8983e5fa1dc82bd77fde02953261defa284a8aa88f98381b1ddebe4f1deb58f96d5a946e21cfb4777cf
SSDEEP

1536:oRl/DTTu/RMIP2qwQ9qw2wOGO/OghIx96tbtmM8CjmFElcXJsijJ6hwCNwlSB58r:oX/DTTSCIjwQ9qw2XzhwTlSB58fl3zu8

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CFEF1E81-6D84-11EF-B462-D60C98DC526F} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "431922133"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1968	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1968	iexplore.exe
1968	iexplore.exe
2668	IEXPLORE.EXE
2668	IEXPLORE.EXE
2668	IEXPLORE.EXE
2668	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1968 wrote to memory of 2668	1968	iexplore.exe	30
PID 1968 wrote to memory of 2668	1968	iexplore.exe	30
PID 1968 wrote to memory of 2668	1968	iexplore.exe	30
PID 1968 wrote to memory of 2668	1968	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\d3451dcc8a7aa0379b859d5cce8a0445_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1968
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1968 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2668

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c3c5c3105e03179419fd25e3b2fbd808

SHA1
b6438103e7a543755ac4f9acb28c2d7eb560f813

SHA256
d5fbe941bd04e4c03f5d071724de79065f5b8600080147c59dc6417ce29df275

SHA512
c151c81a6d95f80ffe95528f8bf94f30cdc3351810fc163f92de6f26ba52d33163ea5e6600f62c1bcd0b125d832a47c08161759796fed16f6deb94cc2386c7c8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c59a0eccc82c6298ad1e2e9a03956086

SHA1
10f4d99844bbf73aba6b522807fead8da8866a98

SHA256
80f3a5a408ac57114e3f18656a5fa08bf08a8ea7e6230bfe838d4044ffe9ae84

SHA512
292ae6f41930a5827f7202b28f98a64edc2486ce85424c445fb109b91a6ff562579543e2050f4eed495b5c7dff62d595be6e80b23edc746ca08993bcd80a8eef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5df509c242181da250fb4ee8660e55a4

SHA1
9b1109b58e0d5e1db562291f45fcf879b98fda84

SHA256
c5a0d08a68f7d9a6a231bb1faa70a4044468cc3a07b61d6911be608e62c34ae1

SHA512
b14fb35c715ec60400f6664a682c5a4ccac2761b0c54ef7c9032809c14d5bf83aecc8e313d1c50d9bbc64ffe37bf6b52b4ebbc75208de1f5d3aaa4b2abc3a366

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
63125ecfbd3c0d58e479bd3745946fa1

SHA1
670d88bd71eac8f65c14d946dc0e6359b9cca0eb

SHA256
3a31e27b243286ce0cd1efff2d715580ebb4e8e2c24e49272cf567a08b1697d6

SHA512
04c2b8ce1206edc2b07b425531ed5ee08bc9304afa178610aa2dd1a35b7ccc76c59ac16dd86c72e71f03f97bb6c3069259783e5b65ef29a5593df0943b7e7fe0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2fd1c5114a34d4c1e1b35429f311c707

SHA1
fc862c85934b1cdd2e5e4d1f4223d63622dd50d1

SHA256
765d38a559befed5214d02ca41670bd9310a9ad039c83be98c6c11b0c2d874ce

SHA512
89ac3fc0a0b0a3ee09a997f34d1d30231f41939bc4bfb6503f0c1fa25198312cc5131c4cde8597e36e52ab2c9e6095d2f1d0b95203d16d20d459a647b9c26aa0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
87e73e6143d1c428045266003d4dd0c0

SHA1
d1bcbb9bda28adcd32ad8591c7b056cf2cbf7c64

SHA256
b4b7ccd6d2ded48072dc71352a732b39fdb94b609a1fe25bc9274dfd5b88a4e7

SHA512
352413770dfb64f7c56ed372753811e3cdd2f52fa1619185ce11a27758a0641aefe9cd730aa5e856ffb7e02b15c63697f658dbe97998a9d5b7ab785c2e82f727

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c3aac547283426678d84cb440f31996f

SHA1
6def81dfdf5e97d4d567c7e4e7357901c2daf0fd

SHA256
0378f390f67878edccb4e986d37eb12d71a1f3ac7112ecbe0e26bc1085d45482

SHA512
4b4009f9e2291e8da479fae697717b2786e119f73353c29edf7c32c35ddb9c56007f2fbceb2d853788b13e8655c043c76d0390d7b41971fa2f3474623d57d176

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d0dddae82ff026c62dc0527b0c3ec021

SHA1
113a2a7db1e73667e88abb5f8680a522f3cb3678

SHA256
938dd21f8cd2916b4b6bb3718e392ac0390ab25a3b1387d412acebe9518abc00

SHA512
1d4d12e03c0d0e80f7192e0a3225d6b8b595dc14c3923fc1ee8d2177e8642176e66f1586bf94c9cfa612f5118963dccbdd9edfcf265bc02b6996ef3a2361d43f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
79b40ef8d975685f8b356c45c01cfe9a

SHA1
42ba0549f0de58f3000774b79adc20dbb41f8afd

SHA256
413df158facdbd2c167be51345e0fa800bfa899a197b328f801dc0d68b42e683

SHA512
68a252ff76992eb49325c9c74008fd39265698f24ae5373abb265a4bd1c748e7f51d2bb141707ec9556f7047132ada0366e08f0d6a653cf7dda6a8943db84bb2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1a4ad530a07389fd5cf57302f68daaff

SHA1
72a68d4c59961ef6f90eec3638ef63b8330bca89

SHA256
e5b73aecbfd94e1c4bf3dcc0af0202b9f31508172047503e592fb118cc4dbf04

SHA512
714e9f54ccc8f17911cd4dc172ce0cc8b9e05df5b6ff5e360bf13f5d71b7b9c9c819c99c2e662a2cb78e9c0518258ecff1c91e56933195d41e5383afd628f6ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1595.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar15D7.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit