3eb9a951a5b18cec78127e860b2135903716a0f199bdf7b96510a25aec851ba6

Analysis

max time kernel
140s
max time network
141s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
08/09/2024, 11:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d44280a114598fb369cf46ba840e8437_JaffaCakes118.html
Size

20KB
MD5

d44280a114598fb369cf46ba840e8437
SHA1

c47ca998813dd9316dbd375d633f59f5179af8f3
SHA256

3eb9a951a5b18cec78127e860b2135903716a0f199bdf7b96510a25aec851ba6
SHA512

1a6cda34675be96e577c32b24e458491dcfa025bf75c8f7ad2af41b8aba17ae8518e0bdb26da74dab31c236363d682a0b6d3e46a353c3c7dd779d938407511a9
SSDEEP

192:SIM3t0I5fo9cOQivXQWxZxdkVSoAId4zzUnjBh1/82qDB8:SIMd0I5nO9HBsv1ExDB8

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 30 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "431957016"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{05704F11-6DD6-11EF-AB3B-C60424AAF5E1} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2384	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2384	iexplore.exe
2384	iexplore.exe
2504	IEXPLORE.EXE
2504	IEXPLORE.EXE
2504	IEXPLORE.EXE
2504	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2384 wrote to memory of 2504	2384	iexplore.exe	30
PID 2384 wrote to memory of 2504	2384	iexplore.exe	30
PID 2384 wrote to memory of 2504	2384	iexplore.exe	30
PID 2384 wrote to memory of 2504	2384	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\d44280a114598fb369cf46ba840e8437_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2384
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2384 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2504

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
90ae25b6f9133c0c6b501ae5ad5a4ccb

SHA1
7b0608ca281e3d0fd9bba63bcb50eceb32e2d2b4

SHA256
fc599f037363a375fe4dd79e6188e2cf47f79c5907041632c122b4bfb0b986d9

SHA512
aaf3466e2f950150873faf8c0180f90d3f609767acbd04ec2f7ea610662cd6986faa5038d7e94f6fcadf730821136faa7c39b007c0555bd9dc2e3d87767cfb3e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
67f2088dfc072975818c9a4680f4bbc2

SHA1
cd4f8f0a1963f3d25df5380cd6e8bcf71d7a647c

SHA256
b253c5d76e65ac61164335f769ab63cf180ac903eb6cb1833477b9e62063ec18

SHA512
f3aae7f2010668d2558bd03112e6440103575859ea046f8ca4136b93f439905bfc49696c2d37cf05d40aaeae5d8c1e8ea01c2bdf16680f57b0c9b2c4401de76f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6ec5d0bc3d761d9fa6bbc66d750f4697

SHA1
02ab66a0e5905d67f6221d26b88765cd9d620089

SHA256
9e2cfca7ba64f387880ea7a99fbd546faa351f0f74fabf7ef052128f5f3383e1

SHA512
68a8841a05f5b64888a66563bab18605de8b46670f0467d4378595050b22e627d3dc0c61a29f82a976e1c4a7b1abb03e45c4056b78783b10dc1432462df6a0f9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9906407e9602b8925f477017e50c90dd

SHA1
40d45211f26168da7a89a5313a55703f490e8315

SHA256
4ca7902dec16da7c375e9e2d3b64a5c2a59a56fdc9feac9d866a25c89ff45c71

SHA512
478cf6153dbcff36f1bad03ad9f380c095770a82e4f20aac1271fd86ff5ed9b20e6b0f0d04fcf5dc0b087a818abc99fdc98b2223e9c40d7db13cebe98a6f47b5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f10655c20f8fc60d0acb2c8f8b19c2a6

SHA1
37518adae9d6831c5967ab5f4a2edd577993825f

SHA256
6f5f358233e1a01406cd87ec745870445b8df22cf34b9a870ac6bc40259a5b34

SHA512
2409275d7842a2e271e60af77d1119fc39eb037d778a258236c90fcd4e422e29f1df3d219e2051a0fc9acf3f9122eb10b8510f636c780d7f33ce7fed5acc017c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e82a1697993e50ca300d32a3a6640632

SHA1
d4c2669d554a2939e56260455d8266d2e59e649f

SHA256
d93f77feec05e26432c1e4ddb6ef643b1bc7ed13bbe57dbfdf0a9ae343cbfe98

SHA512
a4cfc2f61cbcfd6b961c0300a0f3d01e7f481212f0b75789eaf1eab463897004cc12fb3e3bfaa9a5889c5b8f14a27e2849dc9fee1ed30033885695c28ad6f3e4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1a933001e61319a2d43738b537eb11e2

SHA1
bf647aef3a4ce21b2daf4023aa44d1e1ad929ff1

SHA256
6c1f240a129387807989f87586c10fa7d71de30f30282b965b71739cf0d6bc99

SHA512
764c6908c58159bf21e51acb3fcf9a5e5d3141f4cad457882fb99adb757e0c4d9d75887c8b9bb2db5239e4d26d93f2a1d85af765d1df8158651ca55f92dbf3b4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6a3a66e54bb792eb7c991ca05514f921

SHA1
d54fdeb0fe44e747b53be7fe64da53b0e62bcfdc

SHA256
c4eadc8d18ad1a440afa30f62203c123e94049183c6955253801b7b067149a42

SHA512
e781bccc9b92b8d05c476c7f10c4c00210a41b1784db42924461e632c229aefd0a8b6a56646daa7b80fb1bb8f36426c1ad682073e4826e34e93f0ab166ff3ffc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8eb82f954a404659f3aa734adb14b59a

SHA1
7f1d63ea8c6d24c9e1c283257af805e94ecd5aac

SHA256
ebd90e5a7fe26af6c2dfbe6d2a394697612316ad3d9ce4a893a2f407cfa2e901

SHA512
590fb0228a4b5c42791ddff897d0f4c71072e9020683381f04c5b1f3c0ef3eb0d3ad2ad326085c2716c1092c8010b23d0a72bbaa2ef33641fe11aed8ecf74f69

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b043ff4ab0012019aebed9871474bef6

SHA1
18eed3092af5a81070775f8ef3935da08e04b48e

SHA256
c2bba512a87477c30880c0cdccb8a2e5af1983540b0c704ba0072e331639f637

SHA512
dcead010d611cb15dcd8b52994a721f31894444693d1a5336548cbeeef14cf3de0df59b0825de3fc5e99d155d477ef3bed4f3bf12abcf4bfe71b3fc9345ca2e4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8bf123de30d2f36032f655d612504335

SHA1
82d30410de1091ab1ae5da9771cf638f6679c52f

SHA256
3293ba6aba118d12d922697ac1db93bf5856d5be98a863a19a94bdad35cca2fe

SHA512
2ce3cc89f698bb15c15aa4089d7b3f9862b599b66659ca50b27a5a5153c853c69d141ba2d22993a336b558a23438089f3a247a126a096c9cb6ad4b961e54ed65

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3a2cd446fc6c4b610e69606a916c1d79

SHA1
61db274b4f8773cbe11ad7cc3a7d120807e71af5

SHA256
18642918cb4a67473fcbfc7be1bfd556479b0b27e18d18f274227e99fd0c5d07

SHA512
44b43f2e02d599e455e75b1314f2bddff5e4e13205c2aade5d78ecf4859610a4b7d916088fb9dd8a055433b777ed85c5e29fbf37b12674889a0d575d895bdec9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
14a883eec3238f3a4f1458c3d8bf9af0

SHA1
a620f346f79629b8dd42556f8be28ce2b4d430cb

SHA256
66fb70294678b77fd839369c74b92cbb04a1f55731a970633cea61f001ff4b51

SHA512
b4f29e8eedca8d278f17d178f70c08d4d14da813027aea0b0a6b376f59e40798c97e88821e83bf764403f73aa9812e74b83a7a1f3b65c5a273b480080878f63d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c080b271784dd288169eee5ee60f61f3

SHA1
ce53ec48f8cf5b506c70c0a315df844c860ec75c

SHA256
fd3c2be6d444e519fd2221754d37887e3f8f4df5d0c959064b4e556f6b21381e

SHA512
3228b5b6f4de7b16f51c8bbcec4ce021646e0510feff8b37ba2cf0feff506f1fbf2886fc8b3a6d980e937144f532a6b56218050eae76a23e4b245fc9ac42cc1f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
59c6b6750d181457675a42b6d9760374

SHA1
7ef848853d00c3a8a609fdbe95137ea2f5c7bfe7

SHA256
730e4e2e9cf0bd76df02432156568226f22eaccb2e9a688e7e01e292fb9f540f

SHA512
5e0447f42d4ea1de4819be699ac68ed522958609848e7141f3cf290c8c0bbddba7e23e68a33a61929dcaa38345d02a3b853fb10536e63b89c11ef959d26ca050

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4cb3aff51e372b3afb0652ec1e59bff5

SHA1
b6f25f97eeec05a67c8f81435a71a96d8d4455a3

SHA256
636bbfab0be82c2a5cda506ccf8d98deadfdabc782baabff95513e7efd948e50

SHA512
d6d3d79c1490c9b39660f39a31fb283757c79c40bf08c6e46d7e4d26587305dd6fb18e344c915bbec656c7d1023db24d52fe9e14cf85ee5f70be814f3862f42b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
626fd3b577f56619c17b64410ebca295

SHA1
187b4f861d65fd3a6bee2877f6bd8bcc1b22f835

SHA256
81b8d4553e22a9dbfc8d6573ff82c96b04439973561d6263a9e1b9997ab785e8

SHA512
c307e20f62ace2c8b2b6eb0e353d37eaac3f0ce2997a27cb73cad3166c3ee49ccdc8c6ce01b917d72f5c8bb1f9c97f4fa192106d0128ffd17f485e073c8ee485

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d3bd785ac7b18ee6cc5dfdc515c374d1

SHA1
2aaafb04e4219b631330c59f017e701ed01e5050

SHA256
23003aad9649768fb815dcee25ca7f6115670402a0551d6d667f24099e9a77d1

SHA512
5a83de03a51545291af1a7cdb811b6ea5607d65004b1fb8cb6a5847e32acea43ffe5c23345a69a0a1335a07d80f88e2443323d48b9602da463b2c49b8157dd43

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabADBE.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarB0BE.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit